cleaned up code

This commit is contained in:
Wojciech Kubicki 2023-05-26 17:42:03 +02:00
parent a61b44d329
commit 451cc382d2

15
app.py
View File

@ -6,22 +6,18 @@ import os
app = Flask(__name__) app = Flask(__name__)
# Secret key used for HMAC signature verification
secret_token = os.environ.get('SECRET_TOKEN') secret_token = os.environ.get('SECRET_TOKEN')
@app.route('/webhook', methods=['POST']) @app.route('/webhook', methods=['POST'])
def webhook(): def webhook():
# Check if the received webhook is from Git
if request.headers.get('X-GitHub-Event') == 'push': if request.headers.get('X-GitHub-Event') == 'push':
# Verify HMAC signature
signature = request.headers.get('X-Hub-Signature-256') signature = request.headers.get('X-Hub-Signature-256')
if verify_signature(request.data, signature, secret_token): if verify_signature(request.data, signature, secret_token):
return 'Invalid HMAC signature.', 400 return 'Invalid HMAC signature.', 400
# Pull the latest changes from Git
subprocess.run(['git', 'pull']) subprocess.run(['git', 'pull'])
# Restart the example_app
subprocess.run(['systemctl', 'restart', 'restart_this_app.service']) subprocess.run(['systemctl', 'restart', 'restart_this_app.service'])
return 'Success!', 200 return 'Success!', 200
@ -32,15 +28,6 @@ def webhook():
# https://docs.github.com/en/enterprise-server@3.6/webhooks-and-events/webhooks/securing-your-webhooks#python-example # https://docs.github.com/en/enterprise-server@3.6/webhooks-and-events/webhooks/securing-your-webhooks#python-example
def verify_signature(payload_body, signature_header, secret_token): def verify_signature(payload_body, signature_header, secret_token):
"""Verify that the payload was sent from GitHub by validating SHA256.
Raise and return 403 if not authorized.
Args:
payload_body: original request body to verify (request.body())
secret_token: GitHub app webhook token (WEBHOOK_SECRET)
signature_header: header received from GitHub (x-hub-signature-256)
"""
if not signature_header: if not signature_header:
return False return False