Add Secret verification
Browse files
app.py
CHANGED
|
@@ -23,6 +23,12 @@ def restart_space(space_id):
|
|
| 23 |
|
| 24 |
@app.post("/webhook")
|
| 25 |
async def handle_webhook(request: Request):
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 26 |
payload = await request.json()
|
| 27 |
|
| 28 |
# Vérifier si c'est une mise à jour de dataset
|
|
|
|
| 23 |
|
| 24 |
@app.post("/webhook")
|
| 25 |
async def handle_webhook(request: Request):
|
| 26 |
+
received_secret = request.headers.get("X-Webhook-Secret")
|
| 27 |
+
expected_secret = os.getenv("WEBHOOK_SECRET")
|
| 28 |
+
|
| 29 |
+
# Vérifier l'authenticité
|
| 30 |
+
if received_secret != expected_secret:
|
| 31 |
+
return {"error": "incorrect secret"}, 400
|
| 32 |
payload = await request.json()
|
| 33 |
|
| 34 |
# Vérifier si c'est une mise à jour de dataset
|