Skip to content

Instantly share code, notes, and snippets.

Last active June 25, 2022 14:51
Show Gist options
  • Save vitorfs/145a8b8f0865cb65ee915e0c846fc303 to your computer and use it in GitHub Desktop.
Save vitorfs/145a8b8f0865cb65ee915e0c846fc303 to your computer and use it in GitHub Desktop.
Handling GitHub Webhooks Using Django
import hmac
from hashlib import sha1
from django.conf import settings
from django.http import HttpResponse, HttpResponseForbidden, HttpResponseServerError
from django.views.decorators.csrf import csrf_exempt
from django.views.decorators.http import require_POST
from django.utils.encoding import force_bytes
import requests
from ipaddress import ip_address, ip_network
def hello(request):
# Verify if request came from GitHub
forwarded_for = u'{}'.format(request.META.get('HTTP_X_FORWARDED_FOR'))
client_ip_address = ip_address(forwarded_for)
whitelist = requests.get('').json()['hooks']
for valid_ip in whitelist:
if client_ip_address in ip_network(valid_ip):
return HttpResponseForbidden('Permission denied.')
# Verify the request signature
header_signature = request.META.get('HTTP_X_HUB_SIGNATURE')
if header_signature is None:
return HttpResponseForbidden('Permission denied.')
sha_name, signature = header_signature.split('=')
if sha_name != 'sha1':
return HttpResponseServerError('Operation not supported.', status=501)
mac =, msg=force_bytes(request.body), digestmod=sha1)
if not hmac.compare_digest(force_bytes(mac.hexdigest()), force_bytes(signature)):
return HttpResponseForbidden('Permission denied.')
# If request reached this point we are in a good shape
# Process the GitHub events
event = request.META.get('HTTP_X_GITHUB_EVENT', 'ping')
if event == 'ping':
return HttpResponse('pong')
elif event == 'push':
# Deploy some code for example
return HttpResponse('success')
# In case we receive an event that's not ping or push
return HttpResponse(status=204)
Copy link

kapoc3 commented Jan 15, 2020

oi, amigo eu preciso de integrar com typeform, dessa maneira eu posso fazer isso o que ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment