Hi!
I need to develop a web service that listen to webhook calls from a
woocommerce site, I thought to write a little check class to pass to
auth.requires decorator like the following:
class HookCheck(object):
secret = ''
def __init__(self):
super(HookCheck, self).__init__()
self()
def compute(self, body):
dig = hmac.new(self.secret.encode(),
msg = body.encode(), # your_bytes_string
digestmod = hashlib.sha256
).digest()
computed = base64.b64encode(dig).decode()
return computed
def __call__(self):
signature = '' # <- how can I get from
the request headers?
body = request.body.read() # <- Is it the right string to encode?
computed = self.compute(body)
print signature, computed, signature==computed
return signature==computed
@service.json
@auth.requires(HookCheck(), requires_login=False)
def listenToHooks():
return {}
can somebody help me to get the correct values of the hook signature and
the raw call body to check?
As far as I know the signature contained in the header field
"X-Wc-Webhook-Signature" and I'm not sure if the string from which get
the hmac hash is just what I get from the read method of the
request.body object.
thank a lot
Manuele
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
