Python view decorator for the HMAC verification of a Shopify Webhook.

1/20/2014 - 1:05 AM

Python view decorator for the HMAC verification of a Shopify Webhook.

import hashlib, base64, hmac, json, settings

def shopify_webhook(f):
  """
  A decorator thats checks and validates a Shopify Webhook request.
  """

  def _hmac_is_valid(body, secret, hmac_to_verify):
    hash            = hmac.new(body, secret, hashlib.sha256)
    hmac_calculated = base64.b64encode(hash.digest())
    return hmac_calculated == hmac_to_verify

  @wraps(f)
  def wrapper(request, *args, **kwargs):
    # Try to get required headers and decode the body of the request.
    try:
      webhook_topic = request.META['HTTP_X_SHOPIFY_TOPIC']
      webhook_hmac  = request.META['HTTP_X_SHOPIFY_HMAC_SHA256']
      webhook_data  = json.loads(request.body)
    except:
      return HttpResponseBadRequest()

    # Verify the HMAC.
    if not _hmac_is_valid(request.body, settings.SHOPIFY_API_SECRET, webhook_hmac):
      return HttpResponseForbidden()

    # Otherwise, set properties on the request object and return.
    request.webhook_topic = webhook_topic
    request.webhook_data  = webhook_data
    return f(request, args, kwargs)

  return wrapper

Cacher is the code snippet organizer for pro developers

We empower you and your team to get more done, faster

Python view decorator for the HMAC verification of a Shopify Webhook.