From d14253bc76d2f4cc8fb627a72b358d8485372f24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Francisco=20Calvo?= Date: Mon, 23 Sep 2024 13:20:35 +0200 Subject: [PATCH] fix: use the timestamp of the notification attempt to be used on the sign call instead of the event timestamp --- .../src/argilla_server/webhooks/v1/commons.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/argilla-server/src/argilla_server/webhooks/v1/commons.py b/argilla-server/src/argilla_server/webhooks/v1/commons.py index 17328ca9c6..860a8f81ce 100644 --- a/argilla-server/src/argilla_server/webhooks/v1/commons.py +++ b/argilla-server/src/argilla_server/webhooks/v1/commons.py @@ -31,13 +31,15 @@ # NOTE: We are using standard webhooks implementation. # For more information take a look to https://www.standardwebhooks.com def notify_event(webhook: WebhookModel, event: str, timestamp: datetime, data: Dict) -> httpx.Response: + timestamp_attempt = datetime.utcnow() + msg_id = _generate_msg_id() payload = json.dumps(_build_payload(event, timestamp, data)) - signature = Webhook(webhook.secret).sign(msg_id, timestamp, payload) + signature = Webhook(webhook.secret).sign(msg_id, timestamp_attempt, payload) return httpx.post( webhook.url, - headers=_build_headers(msg_id, signature), + headers=_build_headers(msg_id, timestamp_attempt, signature), content=payload, timeout=NOTIFY_EVENT_DEFAULT_TIMEOUT, ) @@ -47,10 +49,10 @@ def _generate_msg_id() -> str: return f"msg_{secrets.token_urlsafe(MSG_ID_BYTES_LENGTH)}" -def _build_headers(msg_id: str, signature: str) -> Dict: +def _build_headers(msg_id: str, timestamp: datetime, signature: str) -> Dict: return { "webhook-id": msg_id, - "webhook-timestamp": str(floor(datetime.utcnow().replace(tzinfo=timezone.utc).timestamp())), + "webhook-timestamp": str(floor(timestamp.replace(tzinfo=timezone.utc).timestamp())), "webhook-signature": signature, "content-type": "application/json", }