Uncategorized

from django.http import HttpResponse from django.views.decorators.csrf import csrf_exempt import json import hashlib import hmac from django.http import HttpResponse import base64 from rest_framework.exceptions import MethodNotAllowed from woorestapi.models import APIKey from django.shortcuts import get_object_or_404 import re from woorestapi.tasks import update_data_from_Webhook def get_secret_key(user_id): apikey = get_object_or_404(APIKey, shop__user__id=user_id) return apikey.ws @csrf_exempt def Webhook(request): if request.method == ‘POST’: payload = request.body match = re.search(r’=([^=]+)$’, request.META[‘QUERY_STRING’]) user_id = None if match: user_id = match.group(1) if user_id == None: return MethodNotAllowed(“Not Allowed”) signature = request.headers.get(‘X-Wc-Webhook-Signature’) if not signature: print(“No signature”) return HttpResponse(“Invalid signature”, status=403) if not verify_signature(signature, payload,user_id): return HttpResponse(“Invalid signature”, status=403) decoded_payload = payload.decode(‘utf-8’) data = json.loads(decoded_payload) topic = request.headers.get(‘X-WC-Webhook-Topic’) source = request.headers.get(‘X-WC-Webhook-Source’) update_data_from_Webhook.delay(data,user_id,topic,source) return HttpResponse(“Webhook event received successfully.”) # Respond to non-POST requests with an error return HttpResponse(“Invalid request method”, status=400) def verify_signature(signature, payload,user_id): secret_key = get_secret_key(user_id) secret_bytes = bytes(secret_key, ‘utf-8’) # Replace with the actual WooCommerce webhook secret key expected_signature = hmac.new(secret_bytes, payload, hashlib.sha256).hexdigest() # WooCommerce might use Base64 encoding for the signature received_signature_decoded = base64.b64decode(signature).hex() return hmac.compare_digest(received_signature_decoded, expected_signature)