Update get_email_webhook.py

Author: sudosha

get_email_webhook.py

@@ -6,24 +6,27 @@
 from msal import ConfidentialClientApplication
 from datetime import datetime, timezone, timedelta
 
-# --- Determine mode ---
+# --- Environment variables (loaded once) ---
+TENANT_ID = os.getenv("TENANT_ID")
+CLIENT_ID = os.getenv("CLIENT_ID")
+CLIENT_SECRET = os.getenv("CLIENT_SECRET")
+FROM_EMAIL = os.getenv("FROM_EMAIL")
+TO_EMAIL = os.getenv("TO_EMAIL")
+GITHUB_WEBHOOK_SECRET = os.getenv("GITHUB_WEBHOOK_SECRET")
+
+# --- Mode toggle (Test vs Webhook server) ---
 TEST_MODE = os.getenv("TEST_MODE", "true").lower() == "true"
 
-# Import Flask only if not in TEST_MODE
 if not TEST_MODE:
     from flask import Flask, request
     app = Flask(__name__)
 
+
 # --- Microsoft Graph Email Sending Function ---
 def send_email_via_graph(subject, body):
-    TENANT_ID = os.getenv("TENANT_ID")
-    CLIENT_ID = os.getenv("CLIENT_ID")
-    CLIENT_SECRET = os.getenv("CLIENT_SECRET")
-    FROM_EMAIL = os.getenv("FROM_EMAIL")
-    TO_EMAIL = os.getenv("TO_EMAIL")
-
+    """Send email using Microsoft Graph API via client credentials flow."""
     if not all([TENANT_ID, CLIENT_ID, CLIENT_SECRET, FROM_EMAIL, TO_EMAIL]):
-        print("❌ Missing required environment variables")
+        print("❌ Missing required environment variables for email sending")
         return
 
     try:
@@ -34,6 +37,7 @@ def send_email_via_graph(subject, body):
         )
         token = app_msal.acquire_token_for_client(scopes=["https://graph.microsoft.com/.default"])
         access_token = token.get("access_token")
+
         if not access_token:
             print(f"❌ Failed to get access token: {token}")
             return
@@ -60,8 +64,10 @@ def send_email_via_graph(subject, body):
     except Exception as e:
         print(f"❌ Exception occurred while sending email: {e}")
 
-# --- Verify GitHub webhook signature ---
+
+# --- GitHub Webhook Signature Verification ---
 def verify_github_signature(payload_body, signature, secret):
+    """Verify X-Hub-Signature-256 against webhook secret."""
     if not secret:
         print("⚠️ No webhook secret set, skipping verification")
         return True
@@ -73,8 +79,10 @@ def verify_github_signature(payload_body, signature, secret):
     expected_signature = "sha256=" + mac.hexdigest()
     return hmac.compare_digest(expected_signature, signature)
 
+
 # --- Convert UTC timestamp to UTC+4 ---
 def convert_to_utc4(timestamp):
+    """Convert ISO UTC timestamp string to UTC+4 formatted datetime string."""
     if not timestamp:
         return "N/A"
     try:
@@ -85,8 +93,10 @@ def convert_to_utc4(timestamp):
         print(f"⚠️ Failed to convert timestamp {timestamp}: {e}")
         return timestamp
 
+
 # --- Format GitHub repository event for email ---
 def format_repo_event(repo, action):
+    """Generate subject + body text for repository created/deleted events."""
     repo_name = repo["full_name"]
     visibility_icon = "🔒 Private" if repo.get("private") else "🌐 Public"
     owner = repo["owner"]["login"]
@@ -108,20 +118,20 @@ def format_repo_event(repo, action):
     )
     return subject, body
 
-# --- GitHub Webhook + Health Handlers ---
+
+# --- Flask Handlers (only if not in TEST_MODE) ---
 if not TEST_MODE:
     @app.route("/webhook", methods=["POST"])
     def github_webhook():
         payload_body = request.data
         signature = request.headers.get("X-Hub-Signature-256")
-        secret = os.getenv("GITHUB_WEBHOOK_SECRET")
 
         print("📥 Incoming GitHub webhook")
         print(f"📥 Event: {request.headers.get('X-GitHub-Event')}")
         print(f"📥 Signature header: {signature}")
 
-        if not verify_github_signature(payload_body, signature, secret):
-            print(f"❌ Invalid signature! Webhook rejected.")
+        if not verify_github_signature(payload_body, signature, GITHUB_WEBHOOK_SECRET):
+            print("❌ Invalid signature! Webhook rejected.")
             return "❌ Invalid signature", 401
 
         try:
@@ -131,24 +141,26 @@ def github_webhook():
             return "❌ Bad payload", 400
 
         event = request.headers.get("X-GitHub-Event", "")
+        action = data.get("action", "")
 
-        if event == "repository" and data.get("action") in ["created", "deleted"]:
-            subject, body = format_repo_event(data["repository"], data["action"])
+        if event == "repository" and action in ["created", "deleted"]:
+            subject, body = format_repo_event(data["repository"], action)
             print(f"📩 Sending email alert: {subject}")
             send_email_via_graph(subject, body)
         else:
-            print(f"ℹ️ Ignored event: {event}, action: {data.get('action')}")
+            print(f"ℹ️ Ignored event: {event}, action: {action}")
 
         return "OK", 200
 
     @app.route("/health", methods=["GET"])
     def health_check():
         return {"status": "running"}, 200
 
+
 # --- Main Entry Point ---
 if __name__ == "__main__":
     if TEST_MODE:
-        print("🔹 TEST_MODE: sending test email")
+        print("🔹 TEST_MODE enabled: sending test email...")
         test_repo = {
             "full_name": "quantori/sadsrepo",
             "private": True,