77 lines
2.4 KiB
Python
77 lines
2.4 KiB
Python
# Copyright (C) 2019 Entr'ouvert
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify it
|
|
# under the terms of the GNU Affero General Public License as published
|
|
# by the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU Affero General Public License for more details.
|
|
|
|
# Usage : http --auth='key_name:key' --auth-type=publik-auth https://some.publik.api/endpoint/
|
|
|
|
|
|
import base64
|
|
import datetime
|
|
import hashlib
|
|
import hmac
|
|
import random
|
|
import urllib.parse
|
|
|
|
from django.utils.encoding import force_bytes
|
|
|
|
from httpie.plugins import AuthPlugin
|
|
|
|
|
|
def sign_url(url, key, orig, algo='sha256', timestamp=None, nonce=None):
|
|
parsed = urllib.parse.urlparse(url)
|
|
new_query = sign_query(parsed.query, key, orig, algo, timestamp, nonce)
|
|
return urllib.parse.urlunparse(parsed[:4] + (new_query,) + parsed[5:])
|
|
|
|
|
|
def sign_query(query, key, orig, algo='sha256', timestamp=None, nonce=None):
|
|
if timestamp is None:
|
|
timestamp = datetime.datetime.utcnow()
|
|
timestamp = timestamp.strftime('%Y-%m-%dT%H:%M:%SZ')
|
|
if nonce is None:
|
|
nonce = hex(random.getrandbits(128))[2:]
|
|
new_query = query
|
|
if new_query:
|
|
new_query += '&'
|
|
new_query += urllib.parse.urlencode((
|
|
('algo', algo),
|
|
('timestamp', timestamp),
|
|
('nonce', nonce),
|
|
('orig', orig)))
|
|
signature = base64.b64encode(sign_string(new_query, key, algo=algo))
|
|
new_query += '&signature=' + urllib.parse.quote(signature)
|
|
return new_query
|
|
|
|
|
|
def sign_string(s, key, algo='sha256', timedelta=30):
|
|
digestmod = getattr(hashlib, algo)
|
|
hash = hmac.HMAC(force_bytes(key), digestmod=digestmod, msg=force_bytes(s))
|
|
return hash.digest()
|
|
|
|
|
|
class ApiAuth:
|
|
def __init__(self, access_id, secret_key):
|
|
self.access_id = access_id
|
|
self.secret_key = secret_key
|
|
|
|
def __call__(self, r):
|
|
r.url = sign_url(r.url, self.secret_key, self.access_id)
|
|
return r
|
|
|
|
|
|
class PublikAuthPlugin(AuthPlugin):
|
|
|
|
name = 'PublikAuth auth'
|
|
auth_type = 'publik-auth'
|
|
description = 'Sign requests using the PublikAuth authentication method'
|
|
|
|
def get_auth(self, username, password):
|
|
return ApiAuth(username, password)
|