一个码云的WEBHOOK

import hmac
import os
from flask import Flask, request, jsonify
import json
import base64
from urllib.parse import quote
import logging

logging.basicConfig(filename='webhook.log', level=logging.DEBUG, format='%(asctime)s - %(message)s')

app = Flask(__name__)

secret = '密码'

def encryption(data):
    """
    Step1:把timestamp+"\n"+密钥当做签名字符串,使用HmacSHA256算法计算签名。
    Setp2:对上述得到的结果进行 Base64 encode。
    Setp3:对上述得到的结果进行 urlEncode,得到最终的签名(需要使用UTF-8字符集)。
    """
    key = secret.encode('utf-8')
    obj = hmac.new(key, msg=data, digestmod='sha256')
    return base64.b64encode(obj.digest()).decode("utf-8")

@app.route('/', methods=['POST'])
def post_data():
    """
    githee加密是将post提交的timestamp +'\n' + WebHooks的secret通过hmac的sha256加密,放到HTTP headers的
    X-Gitee-Token参数中
    """
    logging.info(request.url)
    post_data = json.loads(request.data)
    sign_string = post_data["timestamp"] + "\n" + secret
    token = encryption(sign_string.encode('utf-8'))
    # 认证签名是否有效
    signature = request.headers.get('X-Gitee-Token', '')
    if signature != token:
        return "token认证无效", 401
    # Push:"push_hooks"/"tag_push_hooks"。 Pull Request:"merge_request_hooks"
    if post_data["hook_name"] in ["push_hooks", "tag_push_hooks", "merge_request_hooks"]:
        try:
            branch_name = post_data["ref"].split("/")[-1]
        except KeyError:
            branch_name = post_data["target_branch"].split("/")[-1]
        # 运行shell脚本,更新代码
        logging.info(os.popen('/opt/webhook/command.sh ' + branch_name).read())
        return jsonify({"status": 200})

if __name__ == '__main__':
    app.run(host="0.0.0.0", port=端口)

启动命令:
nohup python3 /opt/webhook/webhook.py &