Validate header webhook

Im working on cloud functions, and im recibing a webhook, as json, and the origin say there is a specific header, let it call myHeader for this question, once I access to the header, give me the output, on console, as SHA256=<key> but I dont know how to know if that header is correct from the origin or if is was modify.
The origin page say:

The endpoint receiving the payload must validate the payload by checking that the HTTP header -myHeader- of the callback matches the HMAC256 of the secret on the payload’s body bytes.
So, looking in the internet, I found some kind of decoding, but on cloud funcions didnt work

import firebase_admin
from firebase_admin import credentials
from firebase_admin import firestore
import base64
import json
import hmac, hashlib

# Use the application default credentials
cred = credentials.ApplicationDefault()
firebase_admin.initialize_app(cred, {
'projectId': 'coincaexchange',
})

db = firestore.client()

def webhook(request):
    myToken = "2ET#####################sB" #Secret from origin
    signature = request.headers['BTCPAY-SIG']
    request_json = request.get_json()
    print(signature)
    print('Validate?',
        _generate_signature(json.dumps(request_json), myToken)
    )
    return f'Hello World!'

def _generate_signature(data, myToken): #Code from https://stackoverflow.com/questions/31848293/python3-and-hmac-how-to-handle-string-not-being-binary
    key = myToken # Defined as a simple string.
    key_bytes= bytes(key , 'latin-1') # Commonly 'latin-1' or 'utf-8'
    data_bytes = bytes(data, 'latin-1') # Assumes `data` is also a string.
    return hmac.new(key_bytes, data_bytes , hashlib.sha256).hexdigest()

In one execute print this sha256=790381c187##########################683447e4 and ebbadc3574####################221717ccef7496890 and the secret provided by the origin is something like 2ET#####################sB
So, nothing is equals, and I dont know what do I have to compare or validate

Source: Python Questions

LEAVE A COMMENT