From 7759d7c23df53c3f6e19f26d4dde9bf5b713836e Mon Sep 17 00:00:00 2001
From: tanto <tanto@channel.io>
Date: Thu, 15 Jun 2023 11:27:58 +0900
Subject: [PATCH] add webhookverify option

---
 nr/configs/config.py       | 1 +
 nr/routers/new_releases.py | 4 +++-
 nr/schemas/releasehook.py  | 2 +-
 nr/utils/new_releases.py   | 2 +-
 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/nr/configs/config.py b/nr/configs/config.py
index 0b15291..0b0a9e1 100644
--- a/nr/configs/config.py
+++ b/nr/configs/config.py
@@ -9,6 +9,7 @@ class Settings(BaseSettings):
     channel_open_api_access_secret: StrictStr = ""
     channel_group_id: StrictStr = ""
     newreleases_webhook_verify_key: StrictStr = ""
+    newreleases_webhook_verify: bool = True
 
 
 settings = Settings()
diff --git a/nr/routers/new_releases.py b/nr/routers/new_releases.py
index a21784e..ef907a9 100644
--- a/nr/routers/new_releases.py
+++ b/nr/routers/new_releases.py
@@ -2,6 +2,7 @@
 from typing import Annotated, List
 from zoneinfo import ZoneInfo
 from dateutil import parser
+from ..configs.config import settings
 from ..channel.client import ChannelOpenApiClient
 from ..channel.message import Block, Message
 from ..schemas.releasehook import ReleaseHook
@@ -19,7 +20,8 @@ def hook(
     x_newreleases_timestamp: Annotated[str, Header()],
     release: ReleaseHook
 ) -> Response:
-    if not verify_signature(x_newreleases_signature, x_newreleases_timestamp, release):
+    if settings.newreleases_webhook_verify and \
+       not verify_signature(x_newreleases_signature, x_newreleases_timestamp, release):
         raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)
 
     release_time = parser.parse(release.time) \
diff --git a/nr/schemas/releasehook.py b/nr/schemas/releasehook.py
index 2f44657..74ef81f 100644
--- a/nr/schemas/releasehook.py
+++ b/nr/schemas/releasehook.py
@@ -8,7 +8,7 @@ class Note(BaseModel):
 
 
 class Account(BaseModel):
-    type:str
+    type: str
     id: str
     name: str
 
diff --git a/nr/utils/new_releases.py b/nr/utils/new_releases.py
index 452e5d3..3257ba9 100644
--- a/nr/utils/new_releases.py
+++ b/nr/utils/new_releases.py
@@ -8,7 +8,7 @@
 
 def verify_signature(signature: str, timestamp: str, release: ReleaseHook) -> bool:
     secret: str = settings.newreleases_webhook_verify_key
-    message: str = f"{timestamp}.{''.join(release.json(exclude_unset=True, exclude_none=True).split())}"
+    message: str = f"{timestamp}.{''.join(release.json(exclude_unset=True).split())}"
     _hmac: HMAC = hmac.new(
         key=secret.encode(),
         msg=message.encode(),