def sign(self, name: str) -> str: if not self.available(): self.refresh_signer_token() percent_escaped_name = self.percent_escape_asset_name(name) url = '/'.join([self.url_prefix, self.app_name, percent_escaped_name]) if not self.signature_required: return url expired_at = datetime.now() + self.signature_expiry_duration expired_at_str = str(int(expired_at.timestamp())) hasher = hmac.new(self.signer_token.value.encode('utf-8'), digestmod=hashlib.sha256) # We still use the original name to derive the # signature. for each_info in [ self.app_name, name, expired_at_str, self.signer_token.extra ]: hasher.update(each_info.encode('utf-8')) # use standard_b64encode instead of urlsafe_b64encode following # the implementation of cloud asset signature = base64\ .standard_b64encode(hasher.digest())\ .decode('utf-8') signature_and_extra = percent_encode('{}.{}'.format( signature, self.signer_token.extra)) return '{}?expired_at={}&signature={}'.format(url, expired_at_str, signature_and_extra)
def sign(self, name: str) -> str: if not self.available(): self.refresh_signer_token() url = '/'.join([self.url_prefix, self.app_name, name]) if not self.signature_required: return url expired_at = datetime.now() + self.signature_expiry_duration expired_at_str = str(int(expired_at.timestamp())) hasher = hmac.new(self.signer_token.value.encode('utf-8'), digestmod=hashlib.sha256) for each_info in [self.app_name, name, expired_at_str, self.signer_token.extra]: hasher.update(each_info.encode('utf-8')) # use standard_b64encode instead of urlsafe_b64encode following # the implementation of cloud asset signature = base64\ .standard_b64encode(hasher.digest())\ .decode('utf-8') signature_and_extra = percent_encode( '{}.{}'.format(signature, self.signer_token.extra)) return '{}?expired_at={}&signature={}'.format(url, expired_at_str, signature_and_extra)
def g(*args, **kwargs): authtoken = request.cookies.get('authtoken') uname, token = check_token(authtoken) if token: request.username = uname return endpoint(*args, **kwargs) else: bottle.redirect('/login?next={next}'.format(next=percent_encode(request.path)))