# urls.py
from django.conf.urls import url
from django.views.decorators.csrf import csrf_exempt

from .views import WebhookView

urlpatterns = [
    url(r'^webhook$', csrf_exempt(WebhookView.as_view())),
]

# views.py
import base64
import hashlib
import hmac

from django.conf import settings
from django.http import HttpResponse
from django.views import View


def verify(request):
    signature = str.encode(request.META['HTTP_WEBHOOK_SIGNATURE'])

    digest = hmac.new(
        key=str.encode(settings.WEBHOOK_SECRET),
        msg=request.body,
        digestmod=hashlib.sha1).digest()

    expected_signature = base64.b64encode(digest)

    return hmac.compare_digest(signature, expected_signature)


class WebhookView(View):
    def dispatch(self, request, *args, **kwargs):
        if not verify(request):
            return HttpResponse(status=400)

        return super().dispatch(request, *args, **kwargs)