
@YuriFontella
Created March 16, 2024 01:44
starlette and hmac
import hashlib
import hmac
import os
import secrets
import sqlite3

from starlette.applications import Starlette
from starlette.requests import Request
from starlette.responses import JSONResponse, Response
from starlette.routing import Route
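# One module-wide SQLite connection and cursor, shared by every function below.
# The table keeps each random token next to the hex HMAC computed over it, so
# anyone who can read secrets.db also learns the signature the endpoint
# accepts; restrict access to the file accordingly.
conn = sqlite3.connect('secrets.db')
cursor = conn.cursor()
cursor.execute('CREATE TABLE IF NOT EXISTS secrets (token BLOB, signature TEXT)')

# HMAC signing key, used as raw ASCII bytes (it is not hex-decoded).
# It is read from the environment so a real key never has to live in source
# control; WEBHOOK_SECRET is a variable name chosen for this example.
# The literal fallback keeps the demo runnable unchanged, but it is published
# together with this code and must be treated as a known, non-secret value.
SECRET = os.environ.get(
    'WEBHOOK_SECRET',
    'e3b0a0dc5bbbc0bf3cb9348374feb1cd645f21db8396a7f5fb6eacbdb725cd9',
).encode()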
def create(TOKEN):
    """Return the hex-encoded HMAC-SHA256 of TOKEN, keyed with the module-level SECRET.

    TOKEN is passed to hmac as the message, so it must be a bytes-like object.
    """
    mac = hmac.new(SECRET, msg=TOKEN, digestmod=hashlib.sha256)
    return mac.hexdigest()
def generate():
    """Create a fresh random token, sign it, and persist both values.

    An 8-byte token is drawn from the `secrets` module, its HMAC is computed
    with create(), and the (token, signature) pair is inserted into the
    `secrets` table and committed.
    """
    nonce = secrets.token_bytes(8)
    digest = create(nonce)
    # NOTE(review): the printed value is exactly what verify() accepts, so
    # whatever captures stdout (terminal scrollback, service logs) holds a
    # working credential. Keep this for local demos only.
    print(digest)
    cursor.execute(
        'INSERT INTO secrets (token, signature) VALUES (?, ?)',
        (nonce, digest),
    )
    conn.commit()
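def verify(signature):
    """Check a presented signature against the most recently stored token.

    The newest row of the `secrets` table is loaded, its token is re-signed
    with create(), and the result is compared with `signature` in constant
    time.

    Args:
        signature: The value presented by the caller, as str or bytes.

    Returns:
        True when the value matches the expected hex digest; False when it
        does not match, when no token has been stored yet, or when the value
        is not ASCII text/bytes.

    Note:
        Only the signature value itself is checked. Nothing here covers the
        request body or a timestamp, so this proves knowledge of the current
        signature but gives no payload integrity or replay protection.
    """
    cursor.execute('SELECT token FROM secrets ORDER BY rowid DESC LIMIT 1')
    row = cursor.fetchone()
    if row is None:
        return False

    expected = create(row[0]).encode('ascii')

    # hmac.compare_digest raises TypeError for str arguments containing
    # non-ASCII characters. A header value is caller-controlled, so normalise
    # to bytes first and reject anything that cannot be a hex digest instead
    # of letting the request end in an unhandled exception.
    if isinstance(signature, str):
        try:
            candidate = signature.encode('ascii')
        except UnicodeEncodeError:
            return False
    elif isinstance(signature, (bytes, bytearray)):
        candidate = bytes(signature)
    else:
        return False

    return hmac.compare_digest(expected, candidate)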
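async def webhook(request: Request):
    """Handle POST /webhook: authenticate via X-Signature, then parse the JSON body.

    Responses:
        403 when the X-Signature header is missing or rejected by verify().
        400 when the body is not valid JSON.
        200 with a confirmation message otherwise.
    """
    signature = request.headers.get('X-Signature')
    if not signature or not verify(signature):
        return Response('Assinatura inválida.', status_code=403)

    # A malformed body would otherwise surface as an unhandled exception (and,
    # with debug enabled on the app, a traceback in the response). JSON decode
    # and byte-decoding errors are both ValueError subclasses.
    try:
        # The parsed payload is not used further in this example. Note that
        # the signature check above does not cover the body, so `data` is
        # unauthenticated content and must be validated before use.
        data = await request.json()
    except ValueError:
        return Response('JSON inválido.', status_code=400)

    return JSONResponse({'message': 'Dados recebidos com sucesso!'})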
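# Single endpoint: POST /webhook.
routes = [
    Route('/webhook', webhook, methods=['POST']),
]

# on_startup expects a list of callables. Writing `on_startup=generate()`
# runs generate() at import time and passes its return value (None), so no
# startup handler is actually registered; pass the function itself instead.
#
# NOTE(review): debug=True makes Starlette render tracebacks in error
# responses. That is useful locally but discloses source and internals to
# any client, so turn it off for anything reachable by others.
app = Starlette(debug=True, routes=routes, on_startup=[generate])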