yunxiafei/openclaw-mission-control
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update backend/app/api/board_webhooks.py

Browse Source 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This commit is contained in:
Hugh Brown
2026-03-03 16:45:54 -07:00
committed by Abhimanyu Saharan
parent 86229038eb
commit 3a0c67a656
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
backend/app/api/board_webhooks.py
View File

@@ -186,14 +186,17 @@ def _verify_webhook_signature(
status_code=status.HTTP_403_FORBIDDEN, status_code=status.HTTP_403_FORBIDDEN,
detail="Missing webhook signature header.", detail="Missing webhook signature header.",
) )
if sig_header.startswith("sha256="): sig_value = sig_header
sig_header = sig_header[7:] if sig_value.lower().startswith("sha256="):
sig_value = sig_value[7:]
sig_value = sig_value.strip().lower()
expected = hmac.new( expected = hmac.new(
webhook.secret.encode("utf-8"), webhook.secret.encode("utf-8"),
raw_body, raw_body,
hashlib.sha256, hashlib.sha256,
).hexdigest() ).hexdigest()
if not hmac.compare_digest(sig_header, expected): expected = expected.strip().lower()
if not hmac.compare_digest(sig_value, expected):
raise HTTPException( raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, status_code=status.HTTP_403_FORBIDDEN,
detail="Invalid webhook signature.", detail="Invalid webhook signature.",