def sign_url(absolute_url, secret=None):
    """Return *absolute_url* with an issue time and a signature appended.

    Two query parameters are added through ``append_query``:

    * ``_cn`` -- the current Unix time in whole seconds. It is a timestamp,
      not a unique nonce: two URLs signed in the same second carry the
      same value.
    * ``_cs`` -- the hex digest produced by this file's ``hmac`` helper
      (called with ``'sha256'``) over the URL that already contains
      ``_cn``, so the issue time is covered by the signature.

    ``secret`` is handed to the ``hmac`` helper unchanged.
    """
    issued_at = int(time.time())
    stamped_url = append_query(absolute_url, _cn=issued_at)
    digest = hmac(stamped_url, secret, 'sha256').hexdigest()
    return append_query(stamped_url, _cs=digest)
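def verify_url(request, secret=None, timeout=30):
    """Check the signature and age of a URL produced by ``sign_url``.

    Args:
        request: object exposing ``build_absolute_uri()`` and a ``GET``
            mapping of query parameters.
        secret: passed unchanged to this file's ``hmac`` helper.
        timeout: maximum accepted age of the ``_cn`` timestamp, in seconds.

    Returns:
        True only when ``_cs`` matches the digest recomputed over the rest
        of the URL and ``_cn`` is a non-zero integer timestamp no more than
        ``timeout`` seconds old. False in every other case, including a
        missing or malformed ``_cs`` or ``_cn``.

    Note:
        The timestamp only limits how long a signed URL is accepted. The
        same valid URL can be presented repeatedly until it expires; callers
        that need single-use links must track used signatures themselves.
    """
    # Local import: in this file the bare name ``hmac`` is called as a
    # function, so the stdlib module cannot be referenced under that name.
    from hmac import compare_digest

    provided = request.GET.get('_cs', None)
    if provided is None:
        # Unsigned request: reject before doing any further work.
        return False

    # 69 = len('&_cs=') + 64 hex characters of a SHA-256 digest. This
    # assumes ``_cs`` is the final query parameter, which is presumably how
    # ``append_query`` writes it in ``sign_url`` -- confirm. A URL with
    # anything after ``_cs`` is cut in the wrong place and fails the
    # comparison below, so the check fails closed.
    signed_part = request.build_absolute_uri()[:-69]
    expected = hmac(signed_part, secret, 'sha256').hexdigest()

    # Constant-time comparison: ``==`` stops at the first differing
    # character, which leaks how much of a guessed signature was correct.
    try:
        if not compare_digest(expected, provided):
            return False
    except TypeError:
        # compare_digest rejects non-ASCII text and mismatched types; such
        # a value cannot be a valid hex digest.
        return False

    # A missing or non-numeric ``_cn`` is a verification failure, not an
    # unhandled exception.
    try:
        timestamp = int(request.GET.get('_cn', None))
    except (TypeError, ValueError):
        return False

    if not timestamp or time.time() - timestamp > timeout:
        return False
    return True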