def verify_pre_signed_url(key, req, resp, params): headers = req.headers project = headers.get('X-PROJECT-ID') expires = headers.get('URL-EXPIRES') methods = headers.get('URL-METHODS', '').split(',') paths = headers.get('URL-PATHS', '').split(',') signature = headers.get('URL-SIGNATURE') if not signature: return if req.method not in methods: raise falcon.HTTPNotFound() if req.path not in paths: raise falcon.HTTPNotFound() try: verified = urls.verify_signed_headers_data(key, paths, project=project, methods=methods, expires=expires, signature=signature) except ValueError: raise falcon.HTTPNotFound() if not verified: raise falcon.HTTPNotFound()
def verify_pre_signed_url(key, req, resp, params): headers = req.headers project = headers.get('X-PROJECT-ID') expires = headers.get('URL-EXPIRES') methods = headers.get('URL-METHODS', '').split(',') paths = headers.get('URL-PATHS', '').split(',') signature = headers.get('URL-SIGNATURE') if not signature: return if req.method not in methods: raise falcon.HTTPNotFound() # Support to query single resource with pre-signed url if not any([p for p in paths if re.search(p, req.path)]): raise falcon.HTTPNotFound() try: verified = urls.verify_signed_headers_data(key, paths, project=project, methods=methods, expires=expires, signature=signature) except ValueError: raise falcon.HTTPNotFound() if not verified: raise falcon.HTTPNotFound()
def verify_signature(self, key, payload): action = payload.get('action') method = self._actions_mapping.get(action) headers = payload.get('headers', {}) project = headers.get('X-Project-ID') expires = headers.get('URL-Expires') methods = headers.get('URL-Methods') paths = headers.get('URL-Paths') signature = headers.get('URL-Signature') if not method or method not in methods: return False try: verified = urls.verify_signed_headers_data(key, paths, project=project, methods=methods, expires=expires, signature=signature) except ValueError: return False return verified