Created
June 23, 2014 15:15
-
-
Save categulario/deeb41c402c800d1f6e6 to your computer and use it in GitHub Desktop.
Validate GitHub signature in python
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # validate github signature | |
| import hashlib | |
| import hmac | |
| import json | |
| signature = hmac.new(GITHUB_TOKEN, payload, hashlib.sha1).hexdigest() | |
| # assuming that the 'payload' variable keeps the content sent by github as plain text | |
| # and 'headers' variable keeps the headers sent by GitHub | |
| if hmac.compare_digest(signature, headers['X-Hub-Signature'].split('=')[1]): | |
| payload_object = json.loads(payload) | |
| # do something here | |
| return json.dumps({'msg': 'Done!'}) | |
| else: | |
| return json.dumps({'msg': 'not a chance'}) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If using flask service, just get the raw body as bytes (request.data), no need to do json.dumps or anything and encode the payload, or minify, it'll work.