A Flask view decorator to verify Github's webhook signatures

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for pabluk from gravatar.com pabluk

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: GNU General Public License v3 (GPLv3) (GNU General Public License v3 (GPLv3))

Author: Pablo Seminario

Tags flask, decorator, github, webhook

Classifiers

Project description

flask-github-signature

Python package PyPI

A Flask view decorator to verify Github's webhook signatures.

Installation

Using pip

To get the latest version from pypi.org:

pip install flask-github-signature

Usage

export GH_WEBHOOK_SECRET="xyz"

# app.py
from flask import Flask
from flask_github_signature import verify_signature

app = Flask(__name__)


@app.route("/webhook", methods=["POST"])
@verify_signature
def webhook():
    return "Payload signature verified."

run the previous Flask app with:

flask run

and test it with:

curl --request POST \
  --header "X-Hub-Signature-256: sha256=eba50596a17c2c8fbdbc5c68223422fe41d5310bea51ffdc461430bce0386c54" \
  --header "Content-Type: application/json" \
  --data '{}' \
  http://localhost:5000/webhook

Signing a test payload

If you want to test with another payload you can generate a signature using:

>>> import os
>>> from flask_github_signature import compute_signature
>>> 
>>> secret = os.environ["GH_WEBHOOK_SECRET"]
>>> compute_signature(secret, b'{"message": "An example"}')
'04886433fda851ca66181cecbd9c283ba677468ba361b0a0a7ba57a867102b46'
>>>

when using a signature on a header don't forget to append sha256= to it.

Testing

If you want to test, play or contribute to this repo:

git clone git@github.com:pabluk/flask-github-signature.git
cd flask-github-signature/
pip install -r requirements.txt
pip install -r requirements-dev.txt
pytest -v

black --line-length=127 tests/ flask_github_signature/

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for pabluk from gravatar.com pabluk

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: GNU General Public License v3 (GPLv3) (GNU General Public License v3 (GPLv3))

Author: Pablo Seminario

Tags flask, decorator, github, webhook

Classifiers

Release history Release notifications | RSS feed

This version

0.1.1

0.1.0

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

flask-github-signature-0.1.1.tar.gz (15.3 kB view hashes)

Uploaded Source

Built Distribution

flask_github_signature-0.1.1-py3-none-any.whl (15.7 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page