I am trying to follow this very straightforward guide on how to prevent non-Twilio requests from reaching the webhook URL I set up for incoming Twilio messages. It basically involves copying the function they developed as a decorator and applying it to the view that handles incoming messages.

https://www.twilio.com/docs/usage/tutorials/how-to-secure-your-django-project-by-validating-incoming-twilio-requests

    from django.http import HttpResponse, HttpResponseForbidden
    from functools import wraps
    from twilio import twiml
    from twilio.request_validator import RequestValidator

    import os


    def validate_twilio_request(f):
        """Validates that incoming requests genuinely originated from Twilio"""
        @wraps(f)
        def decorated_function(request, *args, **kwargs):
            # Create an instance of the RequestValidator class
            validator = RequestValidator(os.environ.get('TWILIO_AUTH_TOKEN'))

            # Validate the request using its URL, POST data,
            # and X-TWILIO-SIGNATURE header
            request_valid = validator.validate(
                request.build_absolute_uri(),
                request.POST,
                request.META.get('HTTP_X_TWILIO_SIGNATURE', ''))

            # Continue processing the request if it's valid, return a 403 error if
            # it's not
            if request_valid:
                return f(request, *args, **kwargs)
            else:
                return HttpResponseForbidden()
        return decorated_function

1 Answer

米琪卡哇伊
Contributed 1998 experience points, received more than 6 likes

It seems RequestValidator does not accept None. This should fix it:

    validator = RequestValidator(os.environ.get('TWILIO_AUTH_TOKEN', ''))
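Added example, not part of the original answer and not Twilio's library code: with `''` as the fallback, the HMAC key is empty, so a matching signature no longer proves the request came from Twilio. The sketch below re-implements Twilio's documented signature scheme with the standard library only (single-valued POST parameters) and rejects every request while the token is unset; `load_auth_token`, `is_twilio_request` and the sample values are hypothetical names and constructed data.

```python
import base64
import hashlib
import hmac
import os


class MissingAuthToken(RuntimeError):
    """Raised when no Twilio auth token is configured (hypothetical name)."""


def load_auth_token(environ=os.environ):
    # Fail closed: a missing or blank token must stop validation instead of
    # silently becoming an empty HMAC key.
    token = environ.get("TWILIO_AUTH_TOKEN") or ""
    if not token.strip():
        raise MissingAuthToken("TWILIO_AUTH_TOKEN is not set")
    return token


def compute_signature(token, url, params):
    # Documented scheme: full URL, then each POST name and value appended in
    # name order, signed with HMAC-SHA1 and base64-encoded.
    data = url + "".join(k + params[k] for k in sorted(params))
    digest = hmac.new(token.encode(), data.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def is_twilio_request(url, params, signature, environ=os.environ):
    try:
        token = load_auth_token(environ)
    except MissingAuthToken:
        return False  # the view answers 403; log the misconfiguration
    expected = compute_signature(token, url, params)
    # Constant-time comparison of the two signatures.
    return hmac.compare_digest(expected.encode(), signature.encode())


# Constructed sample request; token, URL and parameters are made up.
ENV = {"TWILIO_AUTH_TOKEN": "constructed-test-token"}
URL = "https://example.com/sms/"
PARAMS = {"From": "+15550100", "Body": "hello"}
GOOD_SIG = compute_signature(ENV["TWILIO_AUTH_TOKEN"], URL, PARAMS)

if __name__ == "__main__":
    print(is_twilio_request(URL, PARAMS, GOOD_SIG, ENV))
    print(is_twilio_request(URL, {**PARAMS, "Body": "x"}, GOOD_SIG, ENV))
    # Token unset: a signature keyed with '' is rejected, not accepted.
    print(is_twilio_request(URL, PARAMS, compute_signature("", URL, PARAMS), {}))
```

In the Django decorator, the same check means returning `HttpResponseForbidden()` whenever the token is missing, before any signature comparison takes place.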