Skip to main content

HTTP signature verification middleware for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_middleware_httpsig Discord

Swarmauri Middleware HttpSig

HttpSigMiddleware verifies a base64-encoded HMAC-SHA256 signature on every incoming request body. The middleware compares the provided signature (default header X-Signature) with one generated from the request payload using a shared secret. Missing or incorrect signatures are rejected with 401.

Features

  • Validates request payloads with an HMAC-SHA256 digest
  • Uses constant-time comparisons to mitigate timing attacks
  • Configurable signature header via the header_name argument
  • Logs and rejects requests that do not supply a valid signature

Installation

Choose the tool that matches your workflow:

# pip
pip install swarmauri_middleware_httpsig

# Poetry
poetry add swarmauri_middleware_httpsig

# uv
uv add swarmauri_middleware_httpsig

Example

The snippet below wires the middleware into FastAPI via the @app.middleware decorator, signs a request body, and demonstrates the 401 response that occurs when a tampered signature is supplied. The middleware raises HTTPException, so the example also converts those errors to JSON responses.

import base64
import hashlib
import hmac
import json

from fastapi import FastAPI, HTTPException, Request
from fastapi.testclient import TestClient
from fastapi.responses import JSONResponse

from swarmauri_middleware_httpsig import HttpSigMiddleware


app = FastAPI()
http_sig = HttpSigMiddleware(secret_key="supersecret")


@app.middleware("http")
async def verify_signature(request: Request, call_next):
    try:
        return await http_sig.dispatch(request, call_next)
    except HTTPException as exc:
        return JSONResponse(status_code=exc.status_code, content={"detail": exc.detail})


@app.post("/echo")
async def echo(payload: dict) -> dict:
    return payload


def create_signature(secret: str, body: bytes) -> str:
    digest = hmac.new(secret.encode(), body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


if __name__ == "__main__":
    client = TestClient(app)

    body = json.dumps({"message": "hello"}).encode()
    signature = create_signature("supersecret", body)

    ok = client.post(
        "/echo",
        data=body,
        headers={
            "X-Signature": signature,
            "Content-Type": "application/json",
        },
    )
    assert ok.status_code == 200
    print("Verified response:", ok.json())

    bad = client.post(
        "/echo",
        data=body,
        headers={
            "X-Signature": "tampered",
            "Content-Type": "application/json",
        },
    )
    assert bad.status_code == 401
    print("Unauthorized status:", bad.status_code)

Want to help?

If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_middleware_httpsig-0.11.0.dev1.tar.gz (7.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file swarmauri_middleware_httpsig-0.11.0.dev1.tar.gz.

File metadata

  • Download URL: swarmauri_middleware_httpsig-0.11.0.dev1.tar.gz
  • Upload date:
  • Size: 7.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_middleware_httpsig-0.11.0.dev1.tar.gz
Algorithm Hash digest
SHA256 49a177a0e4723be6642bc4fce6408b5e97ca82a6a5e5cdacfd9b9f0f7e9b816c
MD5 148bf8c4ea2d4ff4352c95b2e6e47a62
BLAKE2b-256 07a340df966d3671b50cc5e6566e4dd6f4917443a1b0a6a2f3fce6f14354821d

See more details on using hashes here.

File details

Details for the file swarmauri_middleware_httpsig-0.11.0.dev1-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_middleware_httpsig-0.11.0.dev1-py3-none-any.whl
  • Upload date:
  • Size: 9.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_middleware_httpsig-0.11.0.dev1-py3-none-any.whl
Algorithm Hash digest
SHA256 df71dab8cb38b229af8acd4048544afdc5c9bd5f401b56fe35b59d65faeeba0d
MD5 ecb440cf853f563278bbe025d990c175
BLAKE2b-256 dc71042137ba0bd0e6b423c63ca4441a3965de94342a3b4d3d74a0a2c2089f30

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page