
@fideloper
Last active February 28, 2016 01:55
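class SignedRequest:
    """Check the HMAC-SHA256 signature sent in a request's Authorization header.

    The signed message is ``METHOD:path`` with ``:backend:node`` appended when
    both form fields are present. The server recomputes the signature with the
    shared secret and compares it with the header value.

    NOTE(review): only the method, the path and those two form fields are
    covered by the signature. There is no timestamp or nonce in the message,
    so a captured header stays valid for the same request; anything else in
    the request (other form fields, body) is not authenticated. The fields are
    joined with ':' without escaping, so values that contain ':' can produce
    the same message from different field combinations. Changing the message
    format would break existing clients, so it is left as is here.
    """

    def __init__(self, request, secret):
        """Store the request object and the shared secret.

        request -- object exposing ``method``, ``path``, ``form`` and
                   ``headers`` (a Flask request in the usage example).
        secret  -- shared HMAC key, as bytes or text.
        """
        self.request = request
        self.secret = secret

    def expected_signature(self):
        """Return the base64-encoded HMAC-SHA256 the client should have sent."""
        key = self.secret
        # hmac.new() rejects a text key on Python 3; a byte string passes
        # through untouched on Python 2 and 3.
        if not isinstance(key, bytes):
            key = key.encode('utf-8')
        msg = '%s:%s%s' % (
            self.request.method,
            self.request.path,
            self._get_extra_parameters(),
        )
        digest = hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest()
        return base64.b64encode(digest)

    def request_signature(self):
        """Return the raw Authorization header value, or None when absent."""
        return self.request.headers.get('Authorization')

    def authorized_request(self):
        """Return True only when the supplied signature matches the expected one."""
        provided = self.request_signature()
        if provided is None:
            # No header at all: reject instead of comparing against None.
            return False
        # Header values arrive as text while b64encode() yields a byte string;
        # bring both sides to the same type before comparing.
        if not isinstance(provided, bytes):
            provided = provided.encode('utf-8')
        # Constant-time comparison: '==' returns at the first differing byte,
        # which leaks how much of a guessed signature was correct.
        # (hmac.compare_digest needs Python 2.7.7+ / 3.3+.)
        return hmac.compare_digest(self.expected_signature(), provided)

    def _get_extra_parameters(self):
        """Return ':backend:node' when both form fields are present, else ''."""
        form = self.request.form
        if 'backend' in form and 'node' in form:
            # The original read self.form, an attribute this class never sets,
            # so any request carrying both fields raised AttributeError.
            return ':%s:%s' % (form['backend'], form['node'])
        return ''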
#
# Externally, create a signed request
#
import os, base64, hashlib, hmac, requests
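# Message signature format:
# METHOD:uri[:extra_params]
# The signed path has to be the path that is actually requested; the original
# example signed '/foo/bar' but fetched '/tail/error', which the server rejects.
path = '/tail/error'
msg = 'GET:%s' % path

# hmac.new() needs a byte-string key; os.environ yields text on Python 3.
secret = os.environ['SERVEROPS_SECRET']
if not isinstance(secret, bytes):
    secret = secret.encode('utf-8')
signature = base64.b64encode(hmac.new(secret, msg.encode('utf-8'), hashlib.sha256).digest())

# requests refuses a URL without a scheme. Plain http is used here because the
# target is loopback; the header is sent in clear and the message carries no
# timestamp or nonce, so use https when the service is not local.
url = 'http://localhost:5000' + path
headers = {'Authorization': signature.decode('ascii')}
r = requests.get(url, headers=headers)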
#
# In application, authorize above signed request using SignedRequest object
#
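# `request` is the Flask request object in this case.
# hmac.new() needs a byte-string key; os.environ yields text on Python 3.
secret = os.environ['SERVEROPS_SECRET']
if not isinstance(secret, bytes):
    secret = secret.encode('utf-8')
auth = SignedRequest(request, secret)
if not auth.authorized_request():
    # Printing alone does not stop the request: a real handler has to return
    # an error response here instead of continuing.
    print("request rejected")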