main.py

from google.cloud import pubsub
from square.utilities.webhooks_helper import is_valid_webhook_event_signature
import os



def whitelist_req(req, ranges):
    from ipaddress import ip_address, ip_network

    for r in ranges.split(','):
        if ip_address(req.remote_addr) in ip_network(r):
            return True

    return False


def pubsub_webhook(req):
    print("Request received")
    if req.method != 'POST':
        return ('Method not allowed', 405)

    if 'IP_WHITELIST' in os.environ:
        if not whitelist_req(req, os.environ['IP_WHITELIST']):
            return ('Forbidden', 403)

    signature = req.headers.get("x-square-hmacsha256-signature", None)
    body = req.data
    # Only process data with a valid signature
    is_from_square = is_valid_webhook_event_signature(body,
                                                      signature,
                                                      os.environ['SIGNATURE_KEY'],
                                                      os.environ['NOTIFICATION_URL'])

    if is_from_square:
        # Signature is valid. Return 200 OK.
        print("Request body: {}".format(body))
        client = pubsub.PublisherClient()

        topic_project = os.environ.get('TOPIC_PROJECT', os.environ['GCP_PROJECT'])
        topic_name = os.environ['TOPIC_NAME']

        topic = f'projects/{topic_project}/topics/{topic_name}'

        client.publish(topic, req.get_data())

        return 'OK'
    else:
        # Signature is invalid. Return 403 Forbidden.
        self.send_response(403)