Signed cookie manager for communication between multiple trusted services.
Project description
Cookie-Manager
Signed cookie manager for communication between multiple trusted services.
Signs, verifies, and manages multiple cookies from trusted environments. Designed for use by services all within the same secure network (AWS VPC etc).
Wraps itsdangerous for the signing and verification (but this could change in the future).
Specifically, this handles:
- Managing multiple different cookies - one for every environment or paired service
- Error correction around sign/verify commands
This package is designed to sign and verify cookies - either ingoing or outgoing. These cookies are not encrypted, so stick to benign data, and only transmit within a trusted environment such as an AWS VPC.
Installation
Install and update using pip
:
pip install -U Cookie-Manager
Usage
Import:
from cookie_manager.cookie_manager import CookieManager
Cookie-Manager is designed to use multiple different signing/verifying keys -- one (or more) per environment. Configure your keys in a dict:
keys = {"key1": "SECRET", "key2": "SECRET2"}
Create an instance (and seed it with your keys):
cookie_manager = CookieManager(keys=keys)
Signing
To sign a cookie, start with a dict payload containing your data:
payload = {"key": "value"}
Then sign the payload, making sure to pass a valid key_id
as previously configured. The sign
method will
retrieve your signing key SECRET
to sign requests (based on the key_id
you pass in). This WILL override any
existing key with the name key_id
.
signed_cookie = cookie_manager.sign(cookie=payload, key_id="key1")
This will return you a signed cookie (with an additional key_id
pair added in):
'{"key": "value", "key_id": "key1"}.XepkCA.CUZtVTCXHbqoalWVCh5xOa4S4WE'
Verifying
When reading in a signed cookie, verification happens through the cookie payload -> whatever comes in needs to have a
key_id
in the payload, which is used to lookup the verification key (configured during instantiation). This is added
for you by sign
:
incoming_signed_cookie = '{"key": "value", "key_id", "key1"}.XepkCA.CUZtVTCXHbqoalWVCh5xOa4S4WE'
Verify this cookie (during which Cookie-Manager will extract key_id
from the payload, and lookup the key used to sign the cookie):
payload = cookie_manager.verify(signed_cookie=signed_cookie)
Now, you can access data inside the payload
object. The verify
function will raise errors if it cannot verify.
Custom Logging
This package uses dependency injection to log errors with Python's print
. To use your own logger, pass in a
logger object which implements critical
, error
, warning
, debug
, and info
functions. Here's how to patch
in the Flask logger, but any object will work providing it meets the Duck Typing rules:
cookie_manager = CookieManager(keys=keys, logger=app.logger)
This will result in logging calls firing to app.logger.<logger-level>
with a string passed in.
Custom Exceptions
Like logging, this package uses custom error handling if you need it. By default, all errors will raise as "Exception", but you can pass in a custom object to raise specific errors.
This class will raise Unauthorized
, ServiceUnavailable
, and BadRequest
.
Here's how to pass in a Werkzeug exception object:
from werkzeug import exceptions
cookie_manager = CookieManager(keys=keys, exceptions=exceptions)
Developing
The build pipeline require your tests to pass and code to be formatted
Make sure you have Python 3.x installed on your machine (use pyenv).
Install the dependencies with pipenv (making sure to include dev and pre-release packages):
pipenv install --dev --pre
Configure your environment:
pipenv shell && export PYTHONPATH="$PWD"
Run the tests:
pytest
Or with logging:
pytest -s
Or tests with coverage:
pytest --cov=./
Format the code with Black:
black $PWD
Releases
Cleanup the (.gitignored) dist
folder (if you have one):
rm -rf dist
Notch up the version number in setup.py
and build:
python3 setup.py sdist bdist_wheel
Push to PyPi (using the ScholarPack credentials when prompted)
python3 -m twine upload --repository-url https://upload.pypi.org/legacy/ dist/*
Links
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for cookie_manager-1.0.3-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 01a63995dc775035e7d5a6dd17639211b2056b711889a3efd7d5f8fd83975a24 |
|
MD5 | b8f0880487a848ddadce1d07a983c1d8 |
|
BLAKE2b-256 | b3a07f8464b5dc18a0ef0a5489ab21c0b2d496116635c6a1e914f2c1d88b5e8b |