import hashlib
import hmac
from fastapi import HTTPException
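def verify_signature(payload_body, secret_token, signature_header):
    """Verify that the payload was sent from GitHub by validating its SHA256 HMAC.

    Returns None when the signature matches. Raises a 403 HTTPException when
    the signature header is missing or does not match the computed value.

    Args:
        payload_body: original request body to verify (request.body()); must be
            the raw bytes as received, since the HMAC is computed over exactly
            these bytes
        secret_token: GitHub app webhook token (WEBHOOK_SECRET)
        signature_header: header received from GitHub (x-hub-signature-256)
    """
    if not signature_header:
        raise HTTPException(status_code=403, detail="x-hub-signature-256 header is missing!")

    # NOTE(review): an empty secret_token still yields a well-formed HMAC (keyed
    # with b""), so this check gives no protection in that case; confirm the
    # caller refuses to run without WEBHOOK_SECRET configured.
    mac = hmac.new(secret_token.encode('utf-8'), msg=payload_body, digestmod=hashlib.sha256)
    expected_signature = "sha256=" + mac.hexdigest()

    # Compare as bytes: hmac.compare_digest() raises TypeError when given a str
    # containing non-ASCII characters, which would turn a malformed header into
    # an unhandled error instead of a 403. The comparison stays constant-time.
    signatures_match = hmac.compare_digest(
        expected_signature.encode('utf-8'),
        signature_header.encode('utf-8'),
    )
    if not signatures_match:
        raise HTTPException(status_code=403, detail="Request signatures didn't match!")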
class RateLimitExceeded(Exception):
    """Signal that the git provider API rate limit has been exceeded.

    Carries no extra state beyond what Exception provides.
    """