Server-side verification middleware for BOTCHA JWT tokens
Project description
botcha-verify
Server-side verification middleware for BOTCHA JWT tokens.
Installation
pip install botcha-verify
For FastAPI support:
pip install "botcha-verify[fastapi]"
For Django support:
pip install "botcha-verify[django]"
Usage
Standalone Verification
from botcha_verify import verify_botcha_token, VerifyOptions
result = verify_botcha_token(
token="eyJhbG...",
secret="your-secret-key",
options=VerifyOptions(audience="https://api.example.com")
)
if result.valid:
print(f"Challenge solved in {result.payload.solve_time}ms")
else:
print(f"Invalid token: {result.error}")
FastAPI
from fastapi import FastAPI, Depends
from botcha_verify.fastapi import BotchaVerify
from botcha_verify import BotchaPayload
app = FastAPI()
botcha = BotchaVerify(secret='your-secret-key')
@app.get('/api/data')
async def get_data(token: BotchaPayload = Depends(botcha)):
return {"solve_time": token.solve_time}
Django
# settings.py
MIDDLEWARE = [
# ... other middleware
'botcha_verify.django.BotchaVerifyMiddleware',
]
BOTCHA_SECRET = 'your-secret-key'
BOTCHA_PROTECTED_PATHS = ['/api/']
BOTCHA_EXCLUDED_PATHS = ['/api/health']
# views.py
def my_view(request):
if hasattr(request, 'botcha'):
print(f"Solved in {request.botcha.solve_time}ms")
return JsonResponse({"data": "protected"})
Token Structure
BOTCHA JWT tokens contain:
sub: Challenge IDiat: Issued at (Unix timestamp)exp: Expiry (Unix timestamp)jti: JWT ID for revocationtype: "botcha-verified"solveTime: Challenge solve time in millisecondsaud: (optional) Audience claimclient_ip: (optional) Client IP binding
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
botcha_verify-0.1.0.tar.gz
(7.8 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file botcha_verify-0.1.0.tar.gz.
File metadata
- Download URL: botcha_verify-0.1.0.tar.gz
- Upload date:
- Size: 7.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f1c2a6ee7e923224b2d82798b81640513cd2c7e774d06c60c95e8ee370a5e37d
|
|
| MD5 |
2fbecda1cd0fe1187569538a5e7f2979
|
|
| BLAKE2b-256 |
da16faddce8535458e452c09bc8bebe2297f186e50dd0a842f55957232672d35
|
File details
Details for the file botcha_verify-0.1.0-py3-none-any.whl.
File metadata
- Download URL: botcha_verify-0.1.0-py3-none-any.whl
- Upload date:
- Size: 7.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9cc27f36c137b4db1ad65cc97c940e1586d093a22990e674bab8c9d925392a87
|
|
| MD5 |
0e2c983731651d97d43f89519258b15a
|
|
| BLAKE2b-256 |
b1bc7ea5b7bdaf1070b1f2bf7451df4adcba94133ff2f6d603118ab994542de1
|
