in webhook/views.py [0:0]
def webhooks(request):
''' process webhooks '''
if request.method == "POST":
if "X-Hub-Signature" not in request.headers:
return HttpResponseBadRequest()
# Check the X-Hub-Signature header to make sure this is a valid request.
fb_signature = request.headers["X-Hub-Signature"]
signature = hmac.new(
os.getenv("FB_APP_SECRET").encode(), request.body, hashlib.sha1
)
expected_signature = "sha1=" + signature.hexdigest()
if not hmac.compare_digest(fb_signature, expected_signature):
return HttpResponseForbidden("Invalid signature header")
processWebhookNotification(request.body)
return HttpResponse()
if request.method == "GET":
# Verification request
# https://developers.facebook.com/docs/graph-api/webhooks/getting-started#event-notifications
hub_mode = request.GET.get("hub.mode", "")
hub_verify_token = request.GET.get("hub.verify_token", "")
if hub_mode != "subscribe" or hub_verify_token != os.getenv(
"FB_WEBHOOK_APP_TOKEN"
):
return HttpResponseBadRequest()
return HttpResponse(request.GET.get("hub.challenge", ""))
# should not reach here
return HttpResponseBadRequest()