>
> On Wednesday, February 28, 2018 at 3:50:16 PM UTC-8, Anthony wrote:
>>
>> I think you're on the right track. If you need the original request body 
>> to verify the signature, request.body.read() should do it. Does that not 
>> work?
>>
>> Also, I don't think you need the decorator and nested function. Just 
>> write a simple function and call it at the beginning of the handler:
>>
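>> import base64, hashlib, hmac
>>
>> def verify_signature():
>>     secret = '<here is my secret key>'
>>     # Raw request body exactly as received (already a byte string)
>>     body = request.body.read()
>>     dig = hmac.new(secret.encode(), msg=body, digestmod=hashlib.sha256).digest()
>>     expected = base64.b64encode(dig).decode()
>>     # A missing header is treated as a mismatch; compare in constant time
>>     received = request.env.http_x_wc_webhook_signature or ''
>>     if not hmac.compare_digest(received, expected):
>>         raise HTTP(403)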
>>
>> @service.json
>> def listenToHooks():
>>     verify_signature()
>>     # do stuff
>>
>> Anthony
>>
>>
>
> Don't you want a dummy parameter on verify_signature(), to prevent it 
> being a URL-visible function?
>

Instead of a dummy parameter, you can start the name with a double 
underscore. But if verify_signature is needed in multiple places, I would 
move it to a model or module. If only needed in this one place, I probably 
wouldn't make a separate function and simply add those few lines directly 
to listenToHooks.

Anthony
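
The same check as a framework-independent helper that could live in a module, as suggested above. This is an added example, not code from the thread or from web2py; it assumes Python 3, the function names are hypothetical, and the secret and payload are constructed sample values. It also shows why the signature has to be computed over the original request body rather than over re-serialized JSON:

```python
import base64
import hashlib
import hmac
import json


def compute_signature(secret, raw_body):
    """Base64 of HMAC-SHA256 over the exact bytes received (as in the thread)."""
    digest = hmac.new(secret, raw_body, hashlib.sha256).digest()
    return base64.b64encode(digest)


def signature_is_valid(secret, raw_body, header_value):
    """Return True only if header_value matches the signature of raw_body.

    secret and raw_body are bytes; header_value is the header text or None.
    """
    if not header_value:
        return False  # missing or empty header: reject
    try:
        received = header_value.encode("ascii")
    except UnicodeError:
        return False  # base64 is pure ASCII, so anything else cannot match
    expected = compute_signature(secret, raw_body)
    return hmac.compare_digest(received, expected)  # constant-time comparison


# Constructed sample data (not from a real shop or a real webhook delivery)
SECRET = b"constructed-test-secret"
RAW_BODY = b'{"id": 42,  "status":"processing"}'  # sender's own spacing
GOOD_HEADER = compute_signature(SECRET, RAW_BODY).decode()
# Parsing and re-encoding yields equivalent JSON but different bytes
RESERIALIZED = json.dumps(json.loads(RAW_BODY.decode())).encode()

if __name__ == "__main__":
    print(signature_is_valid(SECRET, RAW_BODY, GOOD_HEADER))      # original bytes
    print(signature_is_valid(SECRET, RESERIALIZED, GOOD_HEADER))  # re-encoded body
    print(signature_is_valid(SECRET, RAW_BODY, None))             # header absent
```

In a web2py handler the three arguments would come from the configured secret, `request.body.read()` and `request.env.http_x_wc_webhook_signature`, with `raise HTTP(403)` on a False result.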
