Il 28/02/18 17:10, Anthony ha scritto: > You could parse the request body yourself, but web2py will do it > automatically and put the variables in request.post_vars (if JSON is > posted, its keys will become the keys of request.post_vars). > > I'm not sure what you mean by "check the request.post_vars". If there > are variables you are expecting in the posted body, they will be in > request.post_vars. Looking at the example log here > <https://docs.woocommerce.com/document/webhooks/>, it looks like you > might expect request.post_vars.action and request.post_vars.arg. The > "action" value will also be in one of the request headers. Not sure if > you need or care about "arg".
A little step backward... I want to verify the call origin and authenticity. Each time a call is performed by a webhook it is signed with a signature in the header obtained by encoding the body and I want to verify this signature in order to be sure from where the call comes from. I've found something similar for other languages and environments but not for python and web2py, for example this one https://stackoverflow.com/q/42182387/1039510. The concept is quite easy but there are some details I miss. Hereunder I tryied to rewrite the example code[*] in a more clear way (I hope). Does anybody tryied it before or somebody with some woocommerce webhook experiencecan point me to what's wrong in it? def compute(body): secret = '<here is my secret key>' dig = hmac.new(secret.encode(), msg = body.encode(), digestmod = hashlib.sha256 ).digest() computed = base64.b64encode(dig).decode() return computed def hookCheck(func): def wrapper(*args, **kw): signature = request.env.http_x_wc_webhook_signature body = request.body.read() # ?? computed = compute(body) if signature==computed: return func(*args, **kw) raise HTTP(403) return wrapper @service.json def listenToHooks(): @hookCheck def _main_(): # do stuff return {} return _main_() Best regards Manuele [*] https://gist.github.com/manuelep/4b64492ceeaa07f095302f94956ea554 -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
