in webhook-app/webhook_helper.py [0:0]
def check_signature(header_signature, request_body):
if not header_signature:
raise ValueError('No X-Hub-Signature header.')
algorithm, signature_digest = header_signature.split('=')
if algorithm != 'sha1':
raise ValueError('Unsupported digest algorithm {}.'.format(algorithm))
body_digest = hmac.new(
webhook_secret(), msg=request_body, digestmod=hashlib.sha1).hexdigest()
if not hmac.compare_digest(body_digest, signature_digest):
raise ValueError('Body digest did not match signature digest')
return True