This Flask extension provides server-side implementation of RSA-based request signature validation.
Project description
Flask RSA Signature Validation
This Flask extension provides server-side implementation of RSA-based request signature validation. It enhances the security of web applications by ensuring the integrity and authenticity of incoming requests. The extension allows developers to easily integrate RSA signature validation into their Flask applications.
Installation
Install the Flask RSA Signature Validation extension using pip:
pip install flask-rsa
Usage
To use this extension in your Flask application, follow these steps:
- Import the RSA class from the flask_rsa_signature module.
from flask_rsa import RSA
- Create a Flask application and initialize the RSA extension.
from flask import Flask
app = Flask(__name__)
rsa = RSA(app)
3.Decorate the route(s) that require RSA signature validation using the @rsa.signature_required() decorator.
@app.route('/secure-endpoint', methods=['POST'])
@rsa.signature_required()
def secure_endpoint():
# Your protected route logic here
return jsonify({"message": "Request successfully validated and processed"})
4.(Optional) Customize the extension by adjusting the configuration parameters.
app.config['RSA_SIGNATURE_HEADER'] = 'X-Signature'
app.config['RSA_NONCE_HEADER'] = 'X-Nonce-Value'
# Add more configuration parameters as needed
- Run your Flask application as usual.
Configuration Parameters
RSA_SIGNATURE_HEADER
: Header name for the RSA signature (default: 'X-Signature').RSA_NONCE_HEADER
: Header name for the nonce value (default: 'X-Nonce-Value').RSA_NONCE_CREATED_AT_HEADER
: Header name for the nonce creation timestamp (default: 'X-Nonce-Created-At').RSA_NONCE_QUEUE_SIZE_LIMIT
: Limit on the number of nonces stored in the queue (default: 10).RSA_TIME_DIFF_TOLERANCE_IN_SECONDS
: Time difference tolerance for nonce validation (default: 10.0 seconds).RSA_PUBLIC_KEY_URL
: Endpoint URL for exposing the server's public key (default: '/public-key').RSA_PRIVATE_KEY_PATH
andRSA_PUBLIC_KEY_PATH
: Paths to the private and public keys, respectively. If not provided, new keys will be generated.RSA_ERROR_CODE
: HTTP status code to return in case of validation failure (default: 403).
Example
For a practical example of how to use this extension, refer to the provided example code.
License
This extension is released under the MIT License. See the LICENSE file for more details.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for Flask_RSA-0.0.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 88ad664663aeb6e20595986eea6fcccfbea0f74d1f8a70010d4849b675efe874 |
|
MD5 | b53632b4f452b09ee5218ac9e95d0bb3 |
|
BLAKE2b-256 | e75dbabdff4eeadc205f8b126d18ecce30f98b8949e20ad27c53ee92cb5df58c |