smsbot/smsbot/webhook_handler.py

import os
from functools import wraps

from flask import Flask, abort, current_app, request
from prometheus_client import Counter, Summary, make_wsgi_app
from twilio.request_validator import RequestValidator
from waitress import serve
from werkzeug.middleware.dispatcher import DispatcherMiddleware

from smsbot.utils import get_smsbot_version

REQUEST_TIME = Summary("webhook_request_processing_seconds", "Time spent processing request")
MESSAGE_COUNT = Counter("webhook_message_count", "Total number of messages processed")
CALL_COUNT = Counter("webhook_call_count", "Total number of calls processed")


def validate_twilio_request(func):
    """Validates that incoming requests genuinely originated from Twilio"""

    @wraps(func)
    def decorated_function(*args, **kwargs):  # noqa: WPS430
        # Create an instance of the RequestValidator class
        twilio_token = os.environ.get("SMSBOT_TWILIO_AUTH_TOKEN")

        if not twilio_token:
            current_app.logger.warning(
                "Twilio request validation skipped due to SMSBOT_TWILIO_AUTH_TOKEN missing"
            )
            return func(*args, **kwargs)

        validator = RequestValidator(twilio_token)

        # Validate the request using its URL, POST data,
        # and X-TWILIO-SIGNATURE header
        request_valid = validator.validate(
            request.url,
            request.form,
            request.headers.get("X-TWILIO-SIGNATURE", ""),
        )

        # Continue processing the request if it's valid, return a 403 error if
        # it's not
        if request_valid or current_app.debug:
            return func(*args, **kwargs)
        return abort(403)

    return decorated_function


class TwilioWebhookHandler(object):
    def __init__(self):
        self.app = Flask(self.__class__.__name__)
        self.app.add_url_rule("/", "index", self.index, methods=["GET"])
        self.app.add_url_rule("/health", "health", self.health, methods=["GET"])
        self.app.add_url_rule("/message", "message", self.message, methods=["POST"])
        self.app.add_url_rule("/call", "call", self.call, methods=["POST"])

        # Add prometheus wsgi middleware to route /metrics requests
        self.app.wsgi_app = DispatcherMiddleware(
            self.app.wsgi_app,
            {
                "/metrics": make_wsgi_app(),
            },
        )

    def set_bot(self, bot):  # noqa: WPS615
        self.bot = bot

    def index(self):
        return ""

    @REQUEST_TIME.time()
    def health(self):
        return {
            "version": get_smsbot_version(),
            "owner": self.bot.owner_id,
            "subscribers": self.bot.subscriber_ids,
        }

    @REQUEST_TIME.time()
    @validate_twilio_request
    def message(self):
        current_app.logger.info(
            "Received SMS from {From}: {Body}".format(**request.values.to_dict())
        )

        message = "From: {From}\n\n{Body}".format(**request.values.to_dict())
        self.bot.send_subscribers(message)

        # Return a blank response
        MESSAGE_COUNT.inc()
        return "<response></response>"

    @REQUEST_TIME.time()
    @validate_twilio_request
    def call(self):
        current_app.logger.info(
            "Received Call from {From}".format(**request.values.to_dict())
        )
        self.bot.send_subscribers(
            "Received Call from {From}, rejecting.".format(**request.values.to_dict())
        )

        # Always reject calls
        CALL_COUNT.inc()
        return "<Response><Reject/></Response>"

    def serve(self, host="0.0.0.0", port=80, debug=False):
        serve(self.app, host=host, port=port)