Update get_email_webhook.py

Author: sudosha

get_email_webhook.py

@@ -6,27 +6,24 @@
 from msal import ConfidentialClientApplication
 from datetime import datetime, timezone, timedelta
 
-# --- Environment variables (loaded once) ---
-TENANT_ID = os.getenv("TENANT_ID")
-CLIENT_ID = os.getenv("CLIENT_ID")
-CLIENT_SECRET = os.getenv("CLIENT_SECRET")
-FROM_EMAIL = os.getenv("FROM_EMAIL")
-TO_EMAIL = os.getenv("TO_EMAIL")
-GITHUB_WEBHOOK_SECRET = os.getenv("GITHUB_WEBHOOK_SECRET")
-
-# --- Mode toggle (Test vs Webhook server) ---
+# --- Determine mode ---
 TEST_MODE = os.getenv("TEST_MODE", "true").lower() == "true"
 
+# Import Flask only if not in TEST_MODE
 if not TEST_MODE:
     from flask import Flask, request
     app = Flask(__name__)
 
-
 # --- Microsoft Graph Email Sending Function ---
 def send_email_via_graph(subject, body):
-    """Send email using Microsoft Graph API via client credentials flow."""
+    TENANT_ID = os.getenv("TENANT_ID")
+    CLIENT_ID = os.getenv("CLIENT_ID")
+    CLIENT_SECRET = os.getenv("CLIENT_SECRET")
+    FROM_EMAIL = os.getenv("FROM_EMAIL")
+    TO_EMAIL = os.getenv("TO_EMAIL")
+
     if not all([TENANT_ID, CLIENT_ID, CLIENT_SECRET, FROM_EMAIL, TO_EMAIL]):
-        print("❌ Missing required environment variables for email sending")
+        print("❌ Missing required environment variables")
         return
 
     try:
@@ -37,7 +34,6 @@ def send_email_via_graph(subject, body):
         )
         token = app_msal.acquire_token_for_client(scopes=["https://graph.microsoft.com/.default"])
         access_token = token.get("access_token")
-
         if not access_token:
             print(f"❌ Failed to get access token: {token}")
             return
@@ -64,10 +60,8 @@ def send_email_via_graph(subject, body):
     except Exception as e:
         print(f"❌ Exception occurred while sending email: {e}")
 
-
-# --- GitHub Webhook Signature Verification ---
+# --- Verify GitHub webhook signature ---
 def verify_github_signature(payload_body, signature, secret):
-    """Verify X-Hub-Signature-256 against webhook secret."""
     if not secret:
         print("⚠️ No webhook secret set, skipping verification")
         return True
@@ -79,10 +73,8 @@ def verify_github_signature(payload_body, signature, secret):
     expected_signature = "sha256=" + mac.hexdigest()
     return hmac.compare_digest(expected_signature, signature)
 
-
 # --- Convert UTC timestamp to UTC+4 ---
 def convert_to_utc4(timestamp):
-    """Convert ISO UTC timestamp string to UTC+4 formatted datetime string."""
     if not timestamp:
         return "N/A"
     try:
@@ -93,10 +85,8 @@ def convert_to_utc4(timestamp):
         print(f"⚠️ Failed to convert timestamp {timestamp}: {e}")
         return timestamp
 
-
 # --- Format GitHub repository event for email ---
 def format_repo_event(repo, action):
-    """Generate subject + body text for repository created/deleted events."""
     repo_name = repo["full_name"]
     visibility_icon = "🔒 Private" if repo.get("private") else "🌐 Public"
     owner = repo["owner"]["login"]
@@ -118,20 +108,20 @@ def format_repo_event(repo, action):
     )
     return subject, body
 
-
-# --- Flask Handlers (only if not in TEST_MODE) ---
+# --- GitHub Webhook + Health Handlers ---
 if not TEST_MODE:
     @app.route("/webhook", methods=["POST"])
     def github_webhook():
         payload_body = request.data
         signature = request.headers.get("X-Hub-Signature-256")
+        secret = os.getenv("GITHUB_WEBHOOK_SECRET")
 
         print("📥 Incoming GitHub webhook")
         print(f"📥 Event: {request.headers.get('X-GitHub-Event')}")
         print(f"📥 Signature header: {signature}")
 
-        if not verify_github_signature(payload_body, signature, GITHUB_WEBHOOK_SECRET):
-            print("❌ Invalid signature! Webhook rejected.")
+        if not verify_github_signature(payload_body, signature, secret):
+            print(f"❌ Invalid signature! Webhook rejected.")
             return "❌ Invalid signature", 401
 
         try:
@@ -143,7 +133,18 @@ def github_webhook():
         event = request.headers.get("X-GitHub-Event", "")
         action = data.get("action", "")
 
-        if event == "repository" and action in ["created", "deleted"]:
+        repo_actions = [
+            "created",
+            "deleted",
+            "publicized",   # private → public
+            "privatized",   # public → private
+            "archived",
+            "unarchived",
+            "renamed",
+            "transferred"
+        ]
+
+        if event == "repository" and action in repo_actions:
             subject, body = format_repo_event(data["repository"], action)
             print(f"📩 Sending email alert: {subject}")
             send_email_via_graph(subject, body)
@@ -156,11 +157,10 @@ def github_webhook():
     def health_check():
         return {"status": "running"}, 200
 
-
 # --- Main Entry Point ---
 if __name__ == "__main__":
     if TEST_MODE:
-        print("🔹 TEST_MODE enabled: sending test email...")
+        print("🔹 TEST_MODE: sending test email")
         test_repo = {
             "full_name": "quantori/sadsrepo",
             "private": True,
@@ -170,7 +170,7 @@ def health_check():
             "updated_at": "2025-09-09T13:09:20Z",
             "html_url": "https://github.com/quantori/sadsrepo"
         }
-        subject, body = format_repo_event(test_repo, "created")
+        subject, body = format_repo_event(test_repo, "publicized")
         send_email_via_graph(subject, body)
     else:
         print("✅ Flask is up and listening on /webhook and /health")