From 7de84a074aab03e9968ba30fb1daccdde8e135e6 Mon Sep 17 00:00:00 2001
From: Tim Savage <tim@savage.company>
Date: Fri, 4 Aug 2017 18:53:13 +1000
Subject: [PATCH] Added implimentation of facebook signing

---
 odinweb/contrib/__init__.py |  0
 odinweb/contrib/facebook.py | 30 ++++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 odinweb/contrib/__init__.py
 create mode 100644 odinweb/contrib/facebook.py

diff --git a/odinweb/contrib/__init__.py b/odinweb/contrib/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/odinweb/contrib/facebook.py b/odinweb/contrib/facebook.py
new file mode 100644
index 0000000..e43b112
--- /dev/null
+++ b/odinweb/contrib/facebook.py
@@ -0,0 +1,30 @@
+"""
+Facebook contrib
+~~~~~~~~~~~~~~~~
+
+Helpers for handing requests from Facebook.
+
+"""
+import hashlib
+import hmac
+
+from odinweb.exceptions import PermissionDenied
+
+
+class XHubSignatureMiddleware(object):
+    """
+    Middleware to validate a Facebook X-Hub-Signature header.
+    """
+    priority = 5
+
+    def __init__(self, app_key):
+        # type: (str) -> None
+        self.app_key = app_key
+
+    def pre_dispatch(self, request, _):
+        """
+        Handle pre-dispatch event
+        """
+        signature = "sha1=" + hmac.new(self.app_key, request.body, hashlib.sha1).hexdigest()
+        if signature != request.headers.get(''):
+            raise PermissionDenied("Invalid signature")