def authorize(self, client_address: tuple[str, int], client_request: HTTPParser) -> Optional[HTTPResponse]: path = client_request.request_path secret = self.protected_paths[path]["secret"] timeout = self.protected_paths[path]["timeout"] prefix: str = self.protected_paths[path]["prefix"] if secret: # This path is token-protected if not path.startswith(prefix): # Incorrect prefix # FIXME: note that something is probably wrong with # the configuration here, we should probably log / # warn the admin return AUTH_FAILURE else: # Get rid of prefix and slashes path = path[len(prefix):].strip("/") if path.count("/") < 2: # Not enough components to be a tokenised path return AUTH_FAILURE # Split into token, timestamp, and path token, timestamp, path = path.split("/", 2) # Check the token is valid if token != hashlib.md5(secret + "/" + path + timestamp).hexdigest(): # Invalid token return AUTH_FAILURE # Check the timeout is not expired, if needed if timeout and (int(time.time()) - timeout) > int( timestamp, 16): return AUTH_FAILURE # We have to remove the token and timestamp from the original # path or else the server won't find the correct handler # afterwards client_request.request_path = "/".join([prefix, path]) return AUTH_SUCCESS return None