Skip to content

Instantly share code, notes, and snippets.

@athoune
Last active October 15, 2022 13:51
Show Gist options
  • Save athoune/1f9650207abe3ee34499bb47c268fa83 to your computer and use it in GitHub Desktop.
Save athoune/1f9650207abe3ee34499bb47c268fa83 to your computer and use it in GitHub Desktop.
aiohttp webhook for github
async def github_webhook(secret :str, request :web.Request) -> dict:
assert request.content_length < 1000000, "Request content too fat" # 1M
digest, signature = request.headers['X-HUB-SIGNATURE'].split("=", 1)
assert digest == "sha1", "Digest must be sha1" # use a whitelist
body = await request.content.read()
h = hmac.HMAC(bytes(secret, "UTF8"), msg=body, digestmod=digest)
assert h.hexdigest() == signature, "Bad signature"
return json.loads(body.decode('UTF8'))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment