help: add signature code examples (#34160)

help/fr/api-auth.page

@@ -94,4 +94,132 @@ intranet = 12345
 
 </section>
 
+<section>
+<title>Exemples de code de signature</title>
+
+<p>
+Voici des exemples de code pour créer des URLs signées selon l'algorithme
+expliqué ci-dessus.
+</p>
+
+<listing>
+<title>Python</title>
+<code mime="text/x-python">
+#!/usr/bin/env python2
+
+import base64
+import hmac
+import hashlib
+import datetime
+import urllib
+import urlparse
+import random
+
+def sign_url(url, key, algo='sha256', orig=None, timestamp=None, nonce=None):
+    parsed = urlparse.urlparse(url)
+    new_query = sign_query(parsed.query, key, algo, orig, timestamp, nonce)
+    return urlparse.urlunparse(parsed[:4] + (new_query,) + parsed[5:])
+
+def sign_query(query, key, algo='sha256', orig=None, timestamp=None, nonce=None):
+    if timestamp is None:
+        timestamp = datetime.datetime.utcnow()
+    timestamp = timestamp.strftime('%Y-%m-%dT%H:%M:%SZ')
+    if nonce is None:
+        nonce = hex(random.getrandbits(128))[2:-1]
+    new_query = query
+    if new_query:
+        new_query += '&amp;'
+    new_query += urllib.urlencode((
+        ('algo', algo),
+        ('timestamp', timestamp),
+        ('nonce', nonce)))
+    if orig is not None:
+        new_query += '&amp;' + urllib.urlencode({'orig': orig})
+    signature = base64.b64encode(sign_string(new_query, key, algo=algo))
+    new_query += '&amp;' + urllib.urlencode({'signature':signature})
+    return new_query
+
+def sign_string(s, key, algo='sha256', timedelta=30):
+    digestmod = getattr(hashlib, algo)
+    hash = hmac.HMAC(key, digestmod=digestmod, msg=s)
+    return hash.digest()
+
+# usage:
+url = sign_url('http://www.example.net/uri/?arg=val&amp;arg2=val2', 'user-key', orig='user')
+</code>
+</listing>
+
+<listing>
+<title>PHP</title>
+<code mime="application/x-php">
+&lt;?php
+
+function sign_url(string $url, string $orig, string $key) {
+	$parsed_url = parse_url($url);
+	$timestamp =  gmstrftime("%Y-%m-%dT%H:%M:%SZ");
+	$nonce = bin2hex(random_bytes(16));
+	$new_query = '';
+	if (isset($parsed_url['query'])) {
+		$new_query .= $parsed_url['query'] . '&amp;';
+	}
+	$new_query .= http_build_query(array(
+		'algo' => 'sha256',
+		'timestamp' => $timestamp,
+		'nonce' => $nonce,
+		'orig' => $orig));
+	$signature = base64_encode(hash_hmac('sha256', $new_query, $key, $raw_output = true));
+	$new_query .= '&amp;' . http_build_query(array('signature' => $signature));
+	$scheme   = isset($parsed_url['scheme']) ? $parsed_url['scheme'] . '://' : '';
+	$host     = isset($parsed_url['host']) ? $parsed_url['host'] : '';
+	$port     = isset($parsed_url['port']) ? ':' . $parsed_url['port'] : '';
+	$user     = isset($parsed_url['user']) ? $parsed_url['user'] : '';
+	$pass     = isset($parsed_url['pass']) ? ':' . $parsed_url['pass']  : '';
+	$pass     = ($user || $pass) ? "$pass@" : '';
+	$path     = isset($parsed_url['path']) ? $parsed_url['path'] : '';
+	$fragment = isset($parsed_url['fragment']) ? '#' . $parsed_url['fragment'] : '';
+	return "$scheme$user$pass$host$port$path?$new_query$fragment";
+}
+
+# usage:
+url = sign_url("http://www.example.net/uri/?arg=val&amp;arg2=val2", "user", "user-key");
+
+?&gt;
+</code>
+</listing>
+
+<listing>
+<title>Shell (bash)</title>
+<code mime="application/x-shellscript">
+#!/bin/bash
+
+url="http://www.example.net/uri/?arg=val&amp;arg2=val2"
+orig="user"
+key="user-key"
+
+function rawurlencode() {
+  local string="${1}"
+  local strlen=${#string}
+  local encoded=""
+  local pos c o
+  for ((pos=0; pos&lt;strlen; pos++)); do
+     c=${string:$pos:1}
+     case "$c" in
+        [-_.~a-zA-Z0-9] ) o="${c}" ;;
+        * )               printf -v o '%%%02x' "'$c"
+     esac
+     encoded+="${o}"
+  done
+  echo "${encoded}"
+}
+
+now=$(date -u +%FT%TZ);
+qs="algo=sha256&amp;timestamp=$now&amp;orig=$orig"
+sig=$(rawurlencode $(echo -n "$qs" | openssl dgst -binary -sha256 -hmac "$key" | base64))
+signed="${url}?$qs&amp;signature=$sig"
+echo "$signed"
+</code>
+</listing>
+
+</section>
+
 </page>