A Flask view decorator to verify Github's webhook signatures

These details have not been verified by PyPI

Project links

Project description

flask-github-signature

A Flask view decorator to verify Github's webhook signatures.

Installation

Using pip

To get the latest version from pypi.org:

pip install flask-github-signature

Usage

export GH_WEBHOOK_SECRET="xyz"

# app.py
from flask import Flask
from flask_github_signature import verify_signature

app = Flask(__name__)


@app.route("/webhook", methods=["POST"])
@verify_signature
def webhook():
    return "Payload signature verified."

run the previous Flask app with:

flask run

and test it with:

curl --request POST \
  --header "X-Hub-Signature-256: sha256=eba50596a17c2c8fbdbc5c68223422fe41d5310bea51ffdc461430bce0386c54" \
  --header "Content-Type: application/json" \
  --data '{}' \
  http://localhost:5000/webhook

Signing a test payload

If you want to test with another payload you can generate a signature using:

>>> import os
>>> from flask_github_signature import compute_signature
>>> 
>>> secret = os.environ["GH_WEBHOOK_SECRET"]
>>> compute_signature(secret, b'{"message": "An example"}')
'04886433fda851ca66181cecbd9c283ba677468ba361b0a0a7ba57a867102b46'
>>>

when using a signature on a header don't forget to append sha256= to it.

Testing

If you want to test, play or contribute to this repo:

git clone git@github.com:pabluk/flask-github-signature.git
cd flask-github-signature/
pip install -r requirements.txt
pip install -r requirements-dev.txt
pytest -v

black --line-length=127 tests/ flask_github_signature/

Project details

These details have not been verified by PyPI

Project links

Release history Release notifications | RSS feed

This version

0.1.1

Dec 14, 2022

0.1.0

Dec 12, 2022

0.0.1

Oct 18, 2020

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

flask-github-signature-0.1.1.tar.gz (15.3 kB view details)

Uploaded Dec 14, 2022 Source

Built Distribution

flask_github_signature-0.1.1-py3-none-any.whl (15.7 kB view details)

Uploaded Dec 14, 2022 Python 3

File details

Details for the file flask-github-signature-0.1.1.tar.gz.

File metadata

Download URL: flask-github-signature-0.1.1.tar.gz
Upload date: Dec 14, 2022
Size: 15.3 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.1 CPython/3.11.1

File hashes

Hashes for flask-github-signature-0.1.1.tar.gz
Algorithm	Hash digest
SHA256	`c184643ba3aa72a220e6af8f153d04e220f0b9e437f4db78fb7a3e8a4e936aa6`
MD5	`a413550935bf7764dcb12c6c674aec74`
BLAKE2b-256	`0877ca235051edcceb4a306c1475ee7de1bfd3d468a217fbacadab25cc696c25`

See more details on using hashes here.

File details

Details for the file flask_github_signature-0.1.1-py3-none-any.whl.

File metadata

Download URL: flask_github_signature-0.1.1-py3-none-any.whl
Upload date: Dec 14, 2022
Size: 15.7 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.1 CPython/3.11.1

File hashes

Hashes for flask_github_signature-0.1.1-py3-none-any.whl
Algorithm	Hash digest
SHA256	`ffe3adab48f21c23a942c177787f94a8f6d1044a859d86e6c36fea675438886b`
MD5	`63a07038dc44316d76b9fc67ffb70808`
BLAKE2b-256	`a1ba34c8fed1b256283ab8b52d38e9b16f0eba7dfde4237fa6ebe9cf6f7bf285`