I was developing the same feature for my website today, and this help me a
lot.
In my case I was using Dango Rest Framework, and I was using request.data
and parsing it to JSON, insted of using request.body.
But now it works, thank you about this conversation.
Em quarta-feira, 28 de fevereiro de 2018 06:51:38 UTC-3, Manuele escreveu:
>
> Hi!
>
> I need to develop a web service that listen to webhook calls from a
> woocommerce site, I thought to write a little check class to pass to
> auth.requires decorator like the following:
>
>
> class HookCheck(object):
> secret = ''
>
> def __init__(self):
> super(HookCheck, self).__init__()
> self()
>
> def compute(self, body):
> dig = hmac.new(self.secret.encode(),
> msg = body.encode(), # your_bytes_string
> digestmod = hashlib.sha256
> ).digest()
> computed = base64.b64encode(dig).decode()
> return computed
>
> def __call__(self):
> signature = '' # <- how can I get from
> the request headers?
> body = request.body.read() # <- Is it the right string to encode?
> computed = self.compute(body)
> print signature, computed, signature==computed
> return signature==computed
>
>
> @service.json
> @auth.requires(HookCheck(), requires_login=False)
> def listenToHooks():
> return {}
>
>
> can somebody help me to get the correct values of the hook signature and
> the raw call body to check?
>
> As far as I know the signature contained in the header field
> "X-Wc-Webhook-Signature" and I'm not sure if the string from which get
> the hmac hash is just what I get from the read method of the
> request.body object.
>
> thank a lot
>
> Manuele
>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
