|
马上注册,结交更多好友,享用更多功能^_^
您需要 登录 才可以下载或查看,没有账号?立即注册
x
本帖最后由 如默 于 2023-10-26 22:15 编辑
如题,我用Python实现gitee的webhook,用的是flask,代码如下:
- import os
- import time
- import hmac
- import hashlib
- import base64
- import urllib
- from flask import Flask, request
- app = Flask(__name__)
- SECRET = 'mySecret' # 替换为您的签名密钥
- def generate_signature(timestamp):
- timestamp_str = str(timestamp)
- secret_enc = SECRET.encode('utf-8')
- string_to_sign = '{}\n{}'.format(timestamp_str, SECRET)
- string_to_sign_enc = string_to_sign.encode('utf-8')
- hmac_code = hmac.new(secret_enc, string_to_sign_enc, digestmod=hashlib.sha256).digest()
- signature = urllib.parse.quote_plus(base64.b64encode(hmac_code))
- # signature = base64.b64encode(hmac_code).decode()
- # url_encoded_signature = urllib.parse.quote(signature, safe='')
- return signature
- @app.route('/webhook', methods=['POST'])
- def handle_webhook():
- # 验证请求来源是否是Gitee
- if request.headers.get('User-Agent') == 'git-oschina-hook':
- # 验证签名
- timestamp = int(request.headers.get('X-Gitee-Timestamp'))
- actual_signature = request.headers.get('X-Gitee-Token')
- expected_signature = generate_signature(timestamp)
- if actual_signature != expected_signature:
- return '', 403 # 返回拒绝访问状态码
- # 在这里编写处理Webhook请求的代码逻辑
- data = request.json
- print('Received webhook request:', data)
- # 执行 git pull、pnpm install 和 pnpm build 等操作
- # ...
- return '', 200 # 返回成功状态码
- else:
- return '', 403 # 返回拒绝访问状态码
- if __name__ == '__main__':
- app.run(host='0.0.0.0', port=3002)
复制代码
放在服务器上运行之后,在gitee的后台测试,发现报403错误,gitee的返回的token信息如下:uinoZjLDU4UB97wNM1xNB1XCAuTA5Urk8BKYrSxc1g0=
下面是完整的返回的header信息
- Request URL: https://xxx.com/webhook
- Request Method: POST
- X-Gitee-Token: uinoZjLDU4UB97wNM1xNB1XCAuTA5Urk8BKYrSxc1g0=
- X-Gitee-Event: push_hooks
- User-Agent: git-oschina-hook
- X-Gitee-Timestamp: 1698328784458
- X-Gitee-Ping: true
- Content-Type: application/json
- X-Git-Oschina-Event: push_hooks
复制代码
查看flask的运行日志,得到的日志内容是:
- 127.0.0.1 - - [26/Oct/2023 21:59:44] "POST /webhook?sign=uinoZjLDU4UB97wNM1xNB1XCAuTA5Urk8BKYrSxc1g0%3D×tamp=1698328784458 HTTP/1.1" 403 -
复制代码
可以看到token是不一致的,差了一个=号,不知道为什么,官方文档的地址是:https://help.gitee.com/webhook/how-to-verify-webhook-keys
哪位大佬能帮忙看看啊,实在不知道啥问题了,唉
- import os
- import time
- import hmac
- import hashlib
- import base64
- import urllib
- from flask import Flask, request
- app = Flask(__name__)
- SECRET = 'mySecret' # 替换为您的签名密钥
- def generate_signature(timestamp):
- timestamp_str = str(timestamp)
- secret_enc = SECRET.encode('utf-8')
- string_to_sign = '{}\n{}'.format(timestamp_str, SECRET)
- string_to_sign_enc = string_to_sign.encode('utf-8')
- hmac_code = hmac.new(secret_enc, string_to_sign_enc, digestmod=hashlib.sha256).digest()
- signature = base64.b64encode(hmac_code).decode()
- return signature
- @app.route('/webhook', methods=['POST'])
- def handle_webhook():
- # 验证请求来源是否是Gitee
- if request.headers.get('User-Agent') == 'git-oschina-hook':
- # 验证签名
- timestamp = int(request.headers.get('X-Gitee-Timestamp'))
- actual_signature = request.headers.get('X-Gitee-Token')
- expected_signature = generate_signature(timestamp)
- if actual_signature != expected_signature:
- return '', 403 # 返回拒绝访问状态码
- # 在这里编写处理Webhook请求的代码逻辑
- data = request.json
- print('Received webhook request:', data)
- # 执行 git pull、pnpm install 和 pnpm build 等操作
- # ...
- return '', 200 # 返回成功状态码
- else:
- return '', 403 # 返回拒绝访问状态码
- if __name__ == '__main__':
- app.run(host='0.0.0.0', port=3002)
复制代码
|
|