webhook request validation doc update #739
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![ellipsis-dev[bot]](https://avatars.githubusercontent.com/in/64358?s=60&v=4){kind=small}
There was a problem hiding this comment.
❌ Changes requested. Reviewed everything up to 1365662 in 11 seconds
More details
- Looked at
46lines of code in1files - Skipped
0files when reviewing. - Skipped posting
1drafted comments based on config settings.
1. docs/running-tasks/webhooks-faq.mdx:31
- Draft comment:
Ensurereq.bodyis a Buffer or string before using it. Consider using middleware to parse the body appropriately. - Reason this comment was not posted:
Decided after close inspection that this draft comment was likely wrong and/or not actionable:
The comment is speculative and suggests a verification step, which violates the rule against asking the PR author to confirm or ensure something. It does not point out a definite issue with the code. The code assumesreq.bodyis a Buffer or string, and the comment does not indicate a clear code change required.
The comment might be useful if there's a known issue withreq.bodynot being a Buffer or string, but this is not indicated in the comment. It could be seen as a proactive suggestion rather than a necessary change.
The rules clearly state not to make speculative comments or ask for verification. The comment does not indicate a definite issue, so it should be removed.
The comment should be removed as it is speculative and does not indicate a definite issue with the code.
Workflow ID: wflow_7E1NDdfNR2CpFDBz
Want Ellipsis to fix these issues? Tag @ellipsis-dev in a comment. You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.
| payload = request.body() # this is a bytes | ||
| hash_obj = hmac.new(SKYVERN_API_KEY.encode("utf-8"), msg=payload, digestmod=hashlib.sha256) | ||
| header_skyvern_signature = request.headers["x-skyvern-signature"] | ||
| payload = request.body() # this is a bytes |
There was a problem hiding this comment.
request.body() should be awaited in FastAPI to get the payload. Use payload = await request.body() if inside an async function.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary:
Updated
docs/running-tasks/webhooks-faq.mdxwith Python and JavaScript examples for webhook request validation usingSKYVERN_API_KEY.Key points:
docs/running-tasks/webhooks-faq.mdxto include code examples for webhook request validation.hmacandfastapito validate request headers.cryptomodule to validate request headers.SKYVERN_API_KEY.Generated with ❤️ by ellipsis.dev