Flask HMAC generator, checker, and route decorator

Project description

This module provides three functions to authenticate calls to a Flask route. It is intended for use with REST APIs. It does not do any kind of login or session management; it only checks that a client is entitled to access a particular route in a Flask application, on the basis that the client must possess a copy of the shared secret key.

Usage

Usage consists of a server side, which either applies the decorator or calls the render_hmac function, and a client (or a function in the server application) that passes a base64-encoded HMAC.

Server/Application Usage

To use this module in your application, add an ‘HMAC_KEY’ to your application’s config object. For example:

HMAC_KEY = '2a21c5b3bff0299c0161470468f355e5b4afcf17a5f593ab68394e'

The three provided methods are:

  1. check_wrapper() decorator function, which wraps a route with a call to:

  2. compare_hmacs() function, which compares a client supplied token with a server generated token. If the two match, return the decorated function. If not, return a 403 response.

  3. render_hmac() function, which, you guessed it, generates an HMAC.

To use this module, instantiate it like this:

from flask import Flask
from flask_hmac import Hmac
app = Flask(__name__)
hm = Hmac(app)

Now you can decorate a route with the @hm.check_hmac decorator like so:

@app.route('/path/to/api/endpoint', methods=['PUT', 'POST'])
@hm.check_hmac
def api_endpoint():  # placeholder view function
    return 'OK'

Lastly, you can temporarily disable the check_hmac validation with a config value: set HMAC_DISARM = True in your app.config object. This setting is useful for testing, as it allows you to leave all decorator calls in place for routes/blueprints. Because it turns the check off for every decorated route, keep it out of production configuration.

Client usage

To pass an HMAC from your client, send it in a header, encoded as URL-safe base64, like this:

"HMAC: UKW-EaC9diBPuRTgwaUprw4pf4h1nTJyClCT48dbhQo"

Ensure that any trailing = characters are stripped and you should be all set.
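
The token format described above (URL-safe base64 with the trailing = characters stripped), as an added example that is not the module's own code. Assumptions: the digest is SHA-256 and the signed message is the request body, neither of which the page states; render_token, hmac_header and tokens_match are hypothetical names, and the key and body are constructed samples.

```python
import base64
import hashlib
import hmac

HEADER_NAME = "HMAC"  # header name shown on the page


def render_token(key: bytes, message: bytes) -> str:
    """HMAC the message, URL-safe base64 encode it, strip '=' padding."""
    # Assumption: SHA-256 digest; the page does not name the hash.
    digest = hmac.new(key, message, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")


def hmac_header(key: bytes, message: bytes) -> dict:
    """Client side: header dict to attach to the request."""
    return {HEADER_NAME: render_token(key, message)}


def tokens_match(key: bytes, message: bytes, client_token: str) -> bool:
    """Server side: recompute the token and compare in constant time."""
    expected = render_token(key, message).encode("ascii")
    # Compare as bytes: compare_digest() rejects non-ASCII str input,
    # and the header value is client-supplied.
    supplied = client_token.encode("utf-8")
    return hmac.compare_digest(expected, supplied)


if __name__ == "__main__":
    key = b"constructed-demo-key"    # constructed sample key
    body = b'{"name": "example"}'    # constructed request body
    headers = hmac_header(key, body)
    token = headers[HEADER_NAME]
    print(headers)
    print(tokens_match(key, body, token))          # unmodified request
    print(tokens_match(key, body + b" ", token))   # body altered in transit
    print(tokens_match(key, body, token + "="))    # padding left on
```

In this sketch the comparison is strict, so a token sent with its = padding still attached does not match.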

TODO

1. Allow using any kind of rendered HMAC like hexdigest instead of only base64 url safe.

2. Create self.status_code and self.message variables for use on __init__ to allow custom responses on HMAC comparison failure.

Download files

Source Distribution

Flask-HMAC-0.1.3.tar.gz (3.9 kB view details)

Uploaded Source

File details

Details for the file Flask-HMAC-0.1.3.tar.gz.

File metadata

  • Download URL: Flask-HMAC-0.1.3.tar.gz
  • Size: 3.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for Flask-HMAC-0.1.3.tar.gz
Algorithm Hash digest
SHA256 c71cdd6c56d4a2b4de8de164ad3f1f2e2e5182498674b38acaf69367c70a5c90
MD5 6b7dbb77859b3dbd09d616c1b9cdf905
BLAKE2b-256 5ad7cc208f3484fe250cb926381487f72dc344685c35a1aa92bf34ffea83c9e4
