simplex 1.0.8__py3-none-any.whl → 1.0.11__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of simplex might be problematic. Click here for more details.
- simplex/__init__.py +9 -1
- simplex/webhook.py +175 -0
- {simplex-1.0.8.dist-info → simplex-1.0.11.dist-info}/METADATA +1 -1
- {simplex-1.0.8.dist-info → simplex-1.0.11.dist-info}/RECORD +7 -6
- {simplex-1.0.8.dist-info → simplex-1.0.11.dist-info}/WHEEL +0 -0
- {simplex-1.0.8.dist-info → simplex-1.0.11.dist-info}/licenses/LICENSE +0 -0
- {simplex-1.0.8.dist-info → simplex-1.0.11.dist-info}/top_level.txt +0 -0
simplex/__init__.py
CHANGED
|
@@ -20,8 +20,13 @@ from simplex.errors import (
|
|
|
20
20
|
)
|
|
21
21
|
from simplex.resources.workflow import Workflow
|
|
22
22
|
from simplex.resources.workflow_session import WorkflowSession
|
|
23
|
+
from simplex.webhook import (
|
|
24
|
+
verify_simplex_webhook,
|
|
25
|
+
verify_simplex_webhook_dict,
|
|
26
|
+
WebhookVerificationError,
|
|
27
|
+
)
|
|
23
28
|
|
|
24
|
-
__version__ = "1.0.
|
|
29
|
+
__version__ = "1.0.11"
|
|
25
30
|
__all__ = [
|
|
26
31
|
"SimplexClient",
|
|
27
32
|
"SimplexError",
|
|
@@ -32,4 +37,7 @@ __all__ = [
|
|
|
32
37
|
"WorkflowError",
|
|
33
38
|
"Workflow",
|
|
34
39
|
"WorkflowSession",
|
|
40
|
+
"verify_simplex_webhook",
|
|
41
|
+
"verify_simplex_webhook_dict",
|
|
42
|
+
"WebhookVerificationError",
|
|
35
43
|
]
|
simplex/webhook.py
ADDED
|
@@ -0,0 +1,175 @@
|
|
|
1
|
+
"""
|
|
2
|
+
Webhook verification utilities for Simplex webhooks.
|
|
3
|
+
|
|
4
|
+
This module provides functions to verify the authenticity of webhook requests
|
|
5
|
+
from Simplex using HMAC-SHA256 signature verification.
|
|
6
|
+
|
|
7
|
+
Example usage:
|
|
8
|
+
>>> from simplex import verify_simplex_webhook, WebhookVerificationError
|
|
9
|
+
>>>
|
|
10
|
+
>>> try:
|
|
11
|
+
>>> verify_simplex_webhook(
|
|
12
|
+
>>> body=request.body,
|
|
13
|
+
>>> signature=request.headers.get('X-Simplex-Signature'),
|
|
14
|
+
>>> webhook_secret='your-webhook-secret'
|
|
15
|
+
>>> )
|
|
16
|
+
>>> # Webhook verified, safe to process
|
|
17
|
+
>>> except WebhookVerificationError as e:
|
|
18
|
+
>>> # Invalid webhook
|
|
19
|
+
>>> print(f"Verification failed: {e}")
|
|
20
|
+
"""
|
|
21
|
+
|
|
22
|
+
import hmac
|
|
23
|
+
import hashlib
|
|
24
|
+
from typing import Optional, Union, Dict
|
|
25
|
+
|
|
26
|
+
|
|
27
|
+
class WebhookVerificationError(Exception):
|
|
28
|
+
"""
|
|
29
|
+
Exception raised when webhook verification fails.
|
|
30
|
+
|
|
31
|
+
This error is raised when:
|
|
32
|
+
- The signature header is missing
|
|
33
|
+
- The signature is invalid
|
|
34
|
+
- The signature doesn't match the expected value
|
|
35
|
+
"""
|
|
36
|
+
|
|
37
|
+
def __init__(self, message: str):
|
|
38
|
+
"""
|
|
39
|
+
Initialize a WebhookVerificationError.
|
|
40
|
+
|
|
41
|
+
Args:
|
|
42
|
+
message: Description of the verification failure
|
|
43
|
+
"""
|
|
44
|
+
super().__init__(message)
|
|
45
|
+
self.message = message
|
|
46
|
+
|
|
47
|
+
|
|
48
|
+
def verify_simplex_webhook(
|
|
49
|
+
body: Union[str, bytes],
|
|
50
|
+
signature: Optional[str],
|
|
51
|
+
webhook_secret: str
|
|
52
|
+
) -> None:
|
|
53
|
+
"""
|
|
54
|
+
Verify a Simplex webhook request using HMAC-SHA256 signature verification.
|
|
55
|
+
|
|
56
|
+
This function ensures that webhook requests are authentic and haven't been
|
|
57
|
+
tampered with in transit. It uses the same pattern as GitHub webhooks.
|
|
58
|
+
|
|
59
|
+
The signature is computed as: HMAC-SHA256(webhook_secret, request_body)
|
|
60
|
+
|
|
61
|
+
Args:
|
|
62
|
+
body: Raw request body as string or bytes (must be the original unparsed body)
|
|
63
|
+
signature: The X-Simplex-Signature header value from the request
|
|
64
|
+
webhook_secret: Your webhook secret from the Simplex dashboard
|
|
65
|
+
|
|
66
|
+
Raises:
|
|
67
|
+
WebhookVerificationError: If signature is missing, invalid, or verification fails
|
|
68
|
+
|
|
69
|
+
Example:
|
|
70
|
+
>>> # Flask example
|
|
71
|
+
>>> from flask import Flask, request, jsonify
|
|
72
|
+
>>> from simplex import verify_simplex_webhook, WebhookVerificationError
|
|
73
|
+
>>>
|
|
74
|
+
>>> app = Flask(__name__)
|
|
75
|
+
>>>
|
|
76
|
+
>>> @app.route('/webhook', methods=['POST'])
|
|
77
|
+
>>> def webhook():
|
|
78
|
+
>>> try:
|
|
79
|
+
>>> verify_simplex_webhook(
|
|
80
|
+
>>> body=request.get_data(as_text=True),
|
|
81
|
+
>>> signature=request.headers.get('X-Simplex-Signature'),
|
|
82
|
+
>>> webhook_secret='your-webhook-secret'
|
|
83
|
+
>>> )
|
|
84
|
+
>>>
|
|
85
|
+
>>> # Webhook verified, safe to process
|
|
86
|
+
>>> payload = request.get_json()
|
|
87
|
+
>>> print(f"Received webhook: {payload['session_id']}")
|
|
88
|
+
>>> return jsonify({'received': True})
|
|
89
|
+
>>>
|
|
90
|
+
>>> except WebhookVerificationError as e:
|
|
91
|
+
>>> return jsonify({'error': str(e)}), 401
|
|
92
|
+
|
|
93
|
+
Example:
|
|
94
|
+
>>> # FastAPI example
|
|
95
|
+
>>> from fastapi import FastAPI, Request, HTTPException
|
|
96
|
+
>>> from simplex import verify_simplex_webhook, WebhookVerificationError
|
|
97
|
+
>>>
|
|
98
|
+
>>> app = FastAPI()
|
|
99
|
+
>>>
|
|
100
|
+
>>> @app.post("/webhook")
|
|
101
|
+
>>> async def webhook(request: Request):
|
|
102
|
+
>>> body = await request.body()
|
|
103
|
+
>>> signature = request.headers.get('X-Simplex-Signature')
|
|
104
|
+
>>>
|
|
105
|
+
>>> try:
|
|
106
|
+
>>> verify_simplex_webhook(
|
|
107
|
+
>>> body=body,
|
|
108
|
+
>>> signature=signature,
|
|
109
|
+
>>> webhook_secret='your-webhook-secret'
|
|
110
|
+
>>> )
|
|
111
|
+
>>>
|
|
112
|
+
>>> payload = await request.json()
|
|
113
|
+
>>> return {'received': True}
|
|
114
|
+
>>>
|
|
115
|
+
>>> except WebhookVerificationError as e:
|
|
116
|
+
>>> raise HTTPException(status_code=401, detail=str(e))
|
|
117
|
+
"""
|
|
118
|
+
# 1. Check required signature
|
|
119
|
+
if not signature:
|
|
120
|
+
raise WebhookVerificationError('Missing X-Simplex-Signature header')
|
|
121
|
+
|
|
122
|
+
# 2. Ensure body is bytes for HMAC computation
|
|
123
|
+
if isinstance(body, str):
|
|
124
|
+
body_bytes = body.encode('utf-8')
|
|
125
|
+
else:
|
|
126
|
+
body_bytes = body
|
|
127
|
+
|
|
128
|
+
# 3. Compute expected signature
|
|
129
|
+
expected_signature = hmac.new(
|
|
130
|
+
webhook_secret.encode('utf-8'),
|
|
131
|
+
body_bytes,
|
|
132
|
+
hashlib.sha256
|
|
133
|
+
).hexdigest()
|
|
134
|
+
|
|
135
|
+
# 4. Compare signatures using constant-time comparison to prevent timing attacks
|
|
136
|
+
if not hmac.compare_digest(expected_signature, signature):
|
|
137
|
+
raise WebhookVerificationError('Invalid webhook signature')
|
|
138
|
+
|
|
139
|
+
# Webhook verified successfully!
|
|
140
|
+
|
|
141
|
+
|
|
142
|
+
def verify_simplex_webhook_dict(
|
|
143
|
+
body: Union[str, bytes],
|
|
144
|
+
headers: Dict[str, str],
|
|
145
|
+
webhook_secret: str
|
|
146
|
+
) -> None:
|
|
147
|
+
"""
|
|
148
|
+
Verify a Simplex webhook request using a headers dictionary.
|
|
149
|
+
|
|
150
|
+
This is a convenience wrapper around verify_simplex_webhook() that accepts
|
|
151
|
+
a headers dictionary and handles case-insensitive header lookup.
|
|
152
|
+
|
|
153
|
+
Args:
|
|
154
|
+
body: Raw request body as string or bytes
|
|
155
|
+
headers: Dictionary of request headers
|
|
156
|
+
webhook_secret: Your webhook secret from the Simplex dashboard
|
|
157
|
+
|
|
158
|
+
Raises:
|
|
159
|
+
WebhookVerificationError: If verification fails
|
|
160
|
+
|
|
161
|
+
Example:
|
|
162
|
+
>>> verify_simplex_webhook_dict(
|
|
163
|
+
>>> body=request.body,
|
|
164
|
+
>>> headers=dict(request.headers),
|
|
165
|
+
>>> webhook_secret='your-secret'
|
|
166
|
+
>>> )
|
|
167
|
+
"""
|
|
168
|
+
# Try to find the signature header (case-insensitive)
|
|
169
|
+
signature = None
|
|
170
|
+
for key, value in headers.items():
|
|
171
|
+
if key.lower() == 'x-simplex-signature':
|
|
172
|
+
signature = value
|
|
173
|
+
break
|
|
174
|
+
|
|
175
|
+
verify_simplex_webhook(body, signature, webhook_secret)
|
|
@@ -1,13 +1,14 @@
|
|
|
1
|
-
simplex/__init__.py,sha256=
|
|
1
|
+
simplex/__init__.py,sha256=GfMhnfynX-FtWfSo48hJLj3iqgAjCkk49cHqcnuggzw,1023
|
|
2
2
|
simplex/client.py,sha256=SqxjcAZ1dpXUmj-DawGxRdx61Wxrhd-tT1pd84iuEcM,11956
|
|
3
3
|
simplex/errors.py,sha256=_IHJhhvFWWPFywjzXNxbVr2S8WOqThkhc2KzCZiN6i8,4653
|
|
4
4
|
simplex/http_client.py,sha256=-khQqgIenG71oTV73chsbu-uY16NQCgbidiiTVLdIRk,12440
|
|
5
5
|
simplex/types.py,sha256=8pPLJyQPDLuLFuCPRlYJajuJLZbvitE6v27zPkmV6IU,7546
|
|
6
|
+
simplex/webhook.py,sha256=c21YYFk6rStDW2ABHZ__t-a4Lcwn1a1w9WZCkIyRszU,5769
|
|
6
7
|
simplex/resources/__init__.py,sha256=yx_Ubd2LBrXbTwFrhhPgpu3jIy4JqUtb7BJvLnbkGwg,277
|
|
7
8
|
simplex/resources/workflow.py,sha256=FP1c9uTXTgzaggZ485QIhktPKZQW9sOg6d2nbNrywPw,16250
|
|
8
9
|
simplex/resources/workflow_session.py,sha256=3zjwQ55SI1sEP_VncE7w0_jyPrxthMYPJm5O3Uya8p8,10981
|
|
9
|
-
simplex-1.0.
|
|
10
|
-
simplex-1.0.
|
|
11
|
-
simplex-1.0.
|
|
12
|
-
simplex-1.0.
|
|
13
|
-
simplex-1.0.
|
|
10
|
+
simplex-1.0.11.dist-info/licenses/LICENSE,sha256=TyxVTRp5rBigFCL8EDC9Bv7AZfb4JBMVUZUeCs4Pk6Y,1063
|
|
11
|
+
simplex-1.0.11.dist-info/METADATA,sha256=2ucGKD0BvnhiJjBY9vrpB4KOT11QumEZHzFTDrYRJiU,11162
|
|
12
|
+
simplex-1.0.11.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
|
|
13
|
+
simplex-1.0.11.dist-info/top_level.txt,sha256=cbMH1bYpN0A3gP-ecibPRHasHoqB-01T_2BUFS8p0CE,8
|
|
14
|
+
simplex-1.0.11.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|