34 lines
1.2 KiB
Python
34 lines
1.2 KiB
Python
from my_modules.app.constens import SECRET_KEY
|
|
|
|
import hmac, hashlib, base64, secrets, time
|
|
from urllib.parse import quote, unquote
|
|
|
|
def base64url_encode(data: bytes) -> str:
|
|
return base64.urlsafe_b64encode(data).decode().rstrip("=")
|
|
|
|
def base64url_decode(data: str) -> bytes:
|
|
padding = '=' * (-len(data) % 4)
|
|
return base64.urlsafe_b64decode(data + padding)
|
|
|
|
def generate_short_id(length=8):
|
|
token = base64.urlsafe_b64encode(secrets.token_bytes(length)).decode('utf-8')
|
|
return token.replace('=', '').replace('-', '').replace('_', '')[:length]
|
|
|
|
def generate_signed_url(file_id: str) -> str:
|
|
# signature based only on the file_id
|
|
sig = hmac.new(SECRET_KEY, file_id.encode(), hashlib.sha256).digest()
|
|
token = base64url_encode(sig)
|
|
return f"-{file_id}?sig={token}"
|
|
|
|
def verify_signed_url(file_id: str, token: str, file_expiration: int) -> bool:
|
|
# check both the signature and the file's stored expiration time
|
|
expected_sig = hmac.new(SECRET_KEY, file_id.encode(), hashlib.sha256).digest()
|
|
valid_sig = hmac.compare_digest(base64url_encode(expected_sig), token)
|
|
not_expired = file_expiration >= time.time()
|
|
return valid_sig and not_expired
|
|
|
|
if __name__ == "__main__":
|
|
file_id = generate_short_id()
|
|
url = generate_signed_url(file_id)
|
|
print(url)
|