django request signature
Project description
django-request-sign
Signature verification for Django requests.
Installation
pip install django-request-sign
Usage
Place request_sign.middleware.RequestSignMiddleware first in the middleware list.
# django settings
MIDDLEWARE = [
    'request_sign.middleware.RequestSignMiddleware',
    # ... your other middleware
]
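Front-end support and example
The parameters below must be added to the request headers. axios is used as the reference here; for front-end signing, see the example JS file.
Before using it in practice, do not forget to remove the log output from the example file.
| Parameter | Description |
|---|---|
| timestamp | Request timestamp |
| nonce | Request ID (randomly generated) |
| sign | Signature of this request |
Configuration parameters
| Setting | Description | Type | Default | Example |
|---|---|---|---|---|
| SIGNATURE_DEBUG | Enable debug mode | Boolean | False | True/False |
| ENABLE_REQUEST_SIGNATURE | Whether signature verification is enabled | Boolean | False | True/False |
| SIGNATURE_SECRET | Signing secret key | Str | None | e6QGz7AhFzFAFsR9jYoCUnZGsqDrQI |
| SIGNATURE_ALLOW_TIME_ERROR | Allowed error in the request time, before or after | Int | 600 | 600 |
| SIGNATURE_RESPONSE | Function that returns the response when the signature check fails | Str | request_sign.utils.default_response | you_project.you_app.file.function |
| SIGNATURE_PASS_URL | URLs that do not require signature verification | List | [] | ['/api/v1/mcn/content/download'] |
| SIGNATURE_PASS_URL_REGULAR | Regular expressions for URLs that do not require signature verification | List | [] | ['/app/*'] |
| SIGNATURE_METHOD | Request methods to verify | List | ['get', 'post', 'put', 'patch', 'delete', 'head', 'options', 'trace'] | ['get'] |
| NONCE_CACHE_KEY | Cache key name used for the uniqueness check | Str | "django_request_sign_nonce_{nonce}" | "test_{nonce}" |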
Parameter notes: SIGNATURE_RESPONSE
from django.http import HttpResponse
# request_sign.utils.default_response
def default_response():
    """
    Must return django HttpResponse type
    :return: HttpResponse
    """
    return HttpResponse()
By default, request_sign.utils.default_response returns an empty response with HTTP status code 200. You can implement your own response function and point the SIGNATURE_RESPONSE setting at it. Note that a function you implement yourself must return a Django HttpResponse object, otherwise Django will raise an error.
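Parameter notes: SIGNATURE_PASS_URL
Request paths in this list are not signature-checked. For example, for http://example.com/a/b/c?p=1, enter /a/b/c; the host and the query parameters are not needed.
- Configure the name attribute in urls.py, e.g. re_path('content/download', views.DownloadContent.as_view(), name='DownloadContent'), and enter the name value in the setting (recommended)
- Write the URL directly (not recommended)
Parameter notes: NONCE_CACHE_KEY
The key name you supply is processed with the format function, so the string must contain {nonce}.
The request uniqueness check requires django-redis to be set up. Each request inserts a key that is used to decide uniqueness. If django-redis is not installed, this setting has no effect.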
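How the sign parameter is generated
- Build the string to sign: first remove the sign parameter itself, then remove parameters whose value is empty (p3), leaving p2=v2&p1=v1&method=cancel&pn=vn. Then sort by parameter name in ascending character order: method=cancel&p1=v1&p2=v2&pn=vn.
- Then concatenate the parameter names and values, which gives methodcancelp1v1p2v2pnvn
- Append the verification key to the string obtained above. Assuming the key is abc, the new string is methodcancelp1v1p2v2pnvnabc
- Then convert this string to lowercase and compute its MD5. Assuming the result is abcdef, that value is the sign signature value.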
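The four signing steps above, combined with the timestamp window and nonce uniqueness check from the configuration table, as an added Python example (not the package's own code). It assumes timestamp (in seconds) and nonce are signed together with the request parameters, and it uses an in-memory set in place of the django-redis nonce key; build_sign and verify are hypothetical names.

```python
import hashlib
import hmac
import time

ALLOW_TIME_ERROR = 600  # SIGNATURE_ALLOW_TIME_ERROR default; seconds is an assumption


def build_sign(params, secret):
    """Steps 1-4 above: drop sign and empty values, sort by name,
    join name+value, append the secret, lowercase, MD5."""
    kept = {k: str(v) for k, v in params.items()
            if k != "sign" and v is not None and str(v) != ""}
    joined = "".join(k + kept[k] for k in sorted(kept))
    return hashlib.md5((joined + secret).lower().encode("utf-8")).hexdigest()


def verify(params, headers, secret, seen_nonces, now=None):
    """Return (ok, reason). Assumption: timestamp and nonce are signed
    together with the request parameters."""
    now = time.time() if now is None else now
    try:
        ts = int(headers["timestamp"])
        nonce, sign = headers["nonce"], headers["sign"]
    except (KeyError, ValueError):
        return False, "missing or malformed header"
    if abs(now - ts) > ALLOW_TIME_ERROR:
        return False, "timestamp outside allowed window"
    expected = build_sign({**params, "timestamp": ts, "nonce": nonce}, secret)
    # Constant-time comparison of the two hex digests.
    if not hmac.compare_digest(expected.encode("utf-8"),
                               str(sign).lower().encode("utf-8")):
        return False, "bad signature"
    if nonce in seen_nonces:  # stand-in for the Redis nonce key
        return False, "nonce replayed"
    seen_nonces.add(nonce)
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: the parameters from the steps above, key "abc".
    sample = {"p2": "v2", "p1": "v1", "method": "cancel", "pn": "vn", "p3": ""}
    print(build_sign(sample, "abc"))
```

The signature is checked before the nonce is recorded, so requests that fail verification cannot fill the nonce store. Because names and values are joined with no delimiter and then lowercased, different parameter sets can yield the same signed string, so keep authorization checks independent of this signature.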
Reference
File details
Details for the file django-request-sign-1.1.5.tar.gz.
File metadata
- Download URL: django-request-sign-1.1.5.tar.gz
- Upload date:
- Size: 5.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.0 setuptools/49.2.1 requests-toolbelt/0.9.1 tqdm/4.56.0 CPython/3.8.6
File details
Details for the file django_request_sign-1.1.5-py3-none-any.whl.
File metadata
- Download URL: django_request_sign-1.1.5-py3-none-any.whl
- Upload date:
- Size: 6.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.0 setuptools/49.2.1 requests-toolbelt/0.9.1 tqdm/4.56.0 CPython/3.8.6