def wrapper(request, *args, **kwargs):
if request.method != "POST":
return HttpResponseNotAllowed(['POST'])
if request.META.get('CONTENT_TYPE', '') != 'application/json':
return HttpResponseBadRequest('Request must have the content-type "application/json"')
d = json.loads(request.raw_post_data)
if not 'signature' in d:
return HttpResponseBadRequest('Request JSON must include an "signature" element.')
if not 'client_name' in d:
return HttpResponseBadRequest('Request JSON must include an "client_name" element.')
try:
client = Client.objects.get(name=d.get('client_name'))
except Client.DoesNotExist:
return HttpResponseForbidden('Access for that "client_name" is denied.')
if not check_signature(d, client.auth_key):
return HttpResponseForbidden('Access for that "client_name" is denied.')
request.api_client = client
output = f(request, *args, **kwargs)
return HttpResponse(json.dumps(output), content_type='application/json')
def testCheckSignature(self):
s = "secret"
d = {'1':'2', '3':'4', 'signature':hashlib.sha256('1=23=4' + s).hexdigest()}
self.assertTrue(utils.check_signature(d, s))
