Notes on secret verification when implementing a simple Slack notification app with a GitHub webhook on Google Cloud Functions (Python)

Background

GitHub has a feature called webhooks that sends a request to a configured hook URL when an event occurs. For example, by combining GitHub webhooks + Google Cloud Functions + Slack, you can implement your own GitHub -> Slack notifications.

GitHub webhooks let you configure a secret. You can use it to build a more secure webhook application.

Securing webhooks (https://docs.github.com/ja/developers/webhooks-and-events/securing-your-webhooks)

This note records how to do that secure implementation when building the notification app on Google Cloud Functions.

Implementation

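import hmac
import hashlib

def verify_github_secrets(req) -> bool:
    # Shared secret configured on the GitHub webhook (placeholder value)
    secret_value = "YOUR_SECRET"
    # GitHub sends "sha1=<hex digest>"; reject requests without the header
    header = req.headers.get("X-Hub-Signature")
    if header is None:
        return False
    sigExpected = header.split('sha1=')[-1].strip()
    # HMAC-SHA1 over the raw request body, keyed with the secret
    sigCalculated = hmac.new(secret_value.encode(), req.data, hashlib.sha1).hexdigest()
    # Constant-time comparison of the two hex digests
    return hmac.compare_digest(sigCalculated, sigExpected)

def main(req):
    if not verify_github_secrets(req):
        return "fail github auth"
    #TODO implementation
    return "ok"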
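
An added example, not code from the original post: the same check as a pure function that also accepts GitHub's newer X-Hub-Signature-256 header (HMAC-SHA256) and rejects missing or malformed headers. It goes beyond the SHA-1 case above; the secret, payload, and the names SCHEMES, sign, verify_signature and demo are constructed for illustration, and headers is assumed to be a dict-like object such as Flask's request.headers.

```python
import hashlib
import hmac

# (header, prefix, digest); SHA-256 is checked first, SHA-1 is the legacy header.
SCHEMES = (
    ("X-Hub-Signature-256", "sha256=", hashlib.sha256),
    ("X-Hub-Signature", "sha1=", hashlib.sha1),
)


def sign(secret: bytes, body: bytes, digest=hashlib.sha256) -> str:
    """Hex HMAC over the raw request body, keyed with the webhook secret."""
    return hmac.new(secret, body, digest).hexdigest()


def verify_signature(secret, body, headers, allow_sha1=False) -> bool:
    """True only if a supported signature header matches the raw body."""
    for name, prefix, digest in SCHEMES:
        if digest is hashlib.sha1 and not allow_sha1:
            continue  # legacy SHA-1 must be enabled explicitly
        value = headers.get(name)
        if value is None:
            continue
        if not value.startswith(prefix):
            return False  # malformed header
        expected = sign(secret, body, digest).encode()
        received = value[len(prefix):].strip().encode()
        # Constant-time compare on bytes (str input must be ASCII-only).
        return hmac.compare_digest(expected, received)
    return False  # no usable signature header


def demo() -> dict:
    secret = b"constructed-demo-secret"  # constructed sample values
    body = b'{"action":"opened","number":1}'
    good = {"X-Hub-Signature-256": "sha256=" + sign(secret, body)}
    legacy = {"X-Hub-Signature": "sha1=" + sign(secret, body, hashlib.sha1)}
    return {
        "valid": verify_signature(secret, body, good),
        "tampered_body": verify_signature(secret, body + b" ", good),
        "missing_header": verify_signature(secret, body, {}),
        "malformed": verify_signature(secret, body, {"X-Hub-Signature-256": "deadbeef"}),
        "sha1_default": verify_signature(secret, body, legacy),
        "sha1_allowed": verify_signature(secret, body, legacy, allow_sha1=True),
    }

if __name__ == "__main__":
    print(demo())
```

The HMAC must be computed over the exact bytes received, before any JSON parsing or re-serialisation, which is why the tampered_body case fails on a single added space.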
