58 lines
1.4 KiB
Python
58 lines
1.4 KiB
Python
import hashlib
|
|
import hmac
|
|
import json
|
|
import time
|
|
from flask import Flask, request
|
|
|
|
SERVER_PORT = 5080
|
|
MAX_WEBHOOK_AGE = 120 * 1000 # 2 minutes in milliseconds
|
|
OPENVIDU_MEET_API_KEY = "meet-api-key"
|
|
|
|
app = Flask(__name__)
|
|
|
|
|
|
@app.route("/webhook", methods=["POST"])
|
|
def webhook():
|
|
body = request.get_json()
|
|
headers = request.headers
|
|
|
|
if not is_webhook_event_valid(body, headers):
|
|
print("Invalid webhook signature")
|
|
return "Invalid webhook signature", 401
|
|
|
|
print("Webhook received:", body)
|
|
return "", 200
|
|
|
|
|
|
def is_webhook_event_valid(body, headers):
|
|
signature = headers.get("x-signature")
|
|
timestamp_str = headers.get("x-timestamp")
|
|
if not signature or not timestamp_str:
|
|
return False
|
|
|
|
try:
|
|
timestamp = int(timestamp_str)
|
|
except ValueError:
|
|
return False
|
|
|
|
current = int(time.time() * 1000)
|
|
diff_time = current - timestamp
|
|
if diff_time >= MAX_WEBHOOK_AGE:
|
|
return False
|
|
|
|
json_body = json.dumps(body, separators=(",", ":"))
|
|
signed_payload = str(timestamp) + "." + json_body
|
|
|
|
expected = hmac.new(
|
|
OPENVIDU_MEET_API_KEY.encode("utf-8"),
|
|
signed_payload.encode("utf-8"),
|
|
hashlib.sha256,
|
|
).hexdigest()
|
|
|
|
return hmac.compare_digest(expected, signature)
|
|
|
|
|
|
if __name__ == "__main__":
|
|
print("Webhook server listening on port " + str(SERVER_PORT))
|
|
app.run(debug=False, host="0.0.0.0", port=SERVER_PORT)
|