Created
March 16, 2024 01:44
starlette and hmac
import hashlib
import hmac
import os
import secrets
import sqlite3

from starlette.applications import Starlette
from starlette.requests import Request
from starlette.responses import JSONResponse, Response
from starlette.routing import Route
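# Module-level SQLite connection and cursor shared by generate() and verify().
# The database file is created in the current working directory; it holds the
# token that verify() signs, so its file permissions matter as much as the key.
conn = sqlite3.connect('secrets.db')
cursor = conn.cursor()
cursor.execute('CREATE TABLE IF NOT EXISTS secrets (token BLOB, signature TEXT)')

# HMAC key. A key committed to source control is readable by everyone with
# access to the repository (or, for a published listing, by anyone), so prefer
# a value injected at deploy time. WEBHOOK_HMAC_SECRET is the variable name
# chosen for this listing; the literal below is only a fallback that keeps the
# example runnable and must not be relied on outside local testing.
SECRET = (
    os.environ.get('WEBHOOK_HMAC_SECRET', '').encode('utf-8')
    or b'e3b0a0dc5bbbc0bf3cb9348374feb1cd645f21db8396a7f5fb6eacbdb725cd9'
)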
def create(TOKEN):
    """Return the hex-encoded HMAC-SHA256 of TOKEN, keyed with the module-level SECRET."""
    mac = hmac.new(SECRET, msg=TOKEN, digestmod=hashlib.sha256)
    return mac.hexdigest()
def generate():
    """Mint a random 8-byte token, store it with its HMAC, and print the HMAC.

    verify() accepts whatever matches the HMAC of the most recently inserted
    token, so the value printed here is the credential a caller must present.
    """
    fresh_token = secrets.token_bytes(8)
    digest = create(fresh_token)
    # NOTE(review): the printed value is the accepted credential, so it ends up
    # in whatever captures stdout (terminal scrollback, service logs). Treat
    # those logs as sensitive or hand the value over through another channel.
    print(digest)
    # NOTE(review): the signature column is written but verify() only reads
    # the token column; storing the credential itself looks unnecessary.
    cursor.execute(
        'INSERT INTO secrets (token, signature) VALUES (?, ?)',
        (fresh_token, digest),
    )
    conn.commit()
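def verify(signature):
    """Check a presented signature against the HMAC of the newest stored token.

    Args:
        signature: The value supplied by the caller (str or bytes).

    Returns:
        True when the value matches the expected hex digest, False when it
        does not, when no token has been stored yet, or when the value is
        neither str nor bytes.
    """
    cursor.execute('SELECT token FROM secrets ORDER BY rowid DESC LIMIT 1')
    row = cursor.fetchone()
    if not row:
        return False

    expected = create(row[0])

    # hmac.compare_digest raises TypeError for str arguments containing
    # non-ASCII characters. The signature comes straight from a request
    # header, so compare bytes instead: a malformed header is then rejected
    # as a mismatch rather than surfacing as an unhandled exception.
    if isinstance(signature, str):
        presented = signature.encode('utf-8')
    elif isinstance(signature, bytes):
        presented = signature
    else:
        return False

    # Constant-time comparison, so the check does not leak how many leading
    # characters of the digest were correct.
    return hmac.compare_digest(expected.encode('ascii'), presented)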
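async def webhook(request: Request):
    """Handle POST /webhook: require a valid X-Signature, then accept a JSON body.

    Returns:
        403 when the X-Signature header is missing or does not verify,
        400 when the body is not valid JSON, otherwise a JSON success message.
    """
    signature = request.headers.get('X-Signature')
    if not signature or not verify(signature):
        return Response('Assinatura inválida.', status_code=403)

    # NOTE(review): the signature is checked against a server-side token, not
    # against this request's body. It therefore works as a shared bearer value:
    # it does not detect a modified payload and stays valid when replayed.
    # Binding it to the request would mean computing the HMAC over the raw
    # bytes from `await request.body()` (ideally with a timestamp) on both
    # sides; that changes the client contract, so it is only flagged here.
    try:
        await request.json()
    except ValueError:
        # json.JSONDecodeError and UnicodeDecodeError are both ValueError
        # subclasses; answer with a client error instead of an unhandled 500.
        return Response('JSON inválido.', status_code=400)

    return JSONResponse({'message': 'Dados recebidos com sucesso!'})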
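routes = [
    Route('/webhook', webhook, methods=['POST']),
]

# on_startup takes a list of callables. The original passed `generate()`,
# which ran generate at import time and handed its None return value to
# Starlette; passing the function itself defers token creation to application
# startup. If the server in use does not run startup events, no new token is
# minted and verify() falls back to the newest row already in secrets.db.
# NOTE(review): newer Starlette releases favour a lifespan handler over
# on_startup - confirm against the installed version.
#
# debug=False: with debug enabled, unhandled errors are answered with a
# traceback page, which exposes source and internals on a public endpoint.
app = Starlette(debug=False, routes=routes, on_startup=[generate])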