Skip to main content

HTTP signature verification middleware for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_middleware_httpsig


Swarmauri Middleware HttpSig

HttpSigMiddleware verifies a base64-encoded HMAC-SHA256 signature on every incoming request body. The middleware compares the provided signature (default header X-Signature) with one generated from the request payload using a shared secret. Missing or incorrect signatures are rejected with 401.

Features

  • Validates request payloads with an HMAC-SHA256 digest
  • Uses constant-time comparisons to mitigate timing attacks
  • Configurable signature header via the header_name argument
  • Logs and rejects requests that do not supply a valid signature

Installation

Choose the tool that matches your workflow:

# pip
pip install swarmauri_middleware_httpsig

# Poetry
poetry add swarmauri_middleware_httpsig

# uv
uv add swarmauri_middleware_httpsig

Example

The snippet below wires the middleware into FastAPI via the @app.middleware decorator, signs a request body, and demonstrates the 401 response that occurs when a tampered signature is supplied. The middleware raises HTTPException, so the example also converts those errors to JSON responses.

import base64
import hashlib
import hmac
import json

from fastapi import FastAPI, HTTPException, Request
from fastapi.testclient import TestClient
from fastapi.responses import JSONResponse

from swarmauri_middleware_httpsig import HttpSigMiddleware


app = FastAPI()
http_sig = HttpSigMiddleware(secret_key="supersecret")


@app.middleware("http")
async def verify_signature(request: Request, call_next):
    try:
        return await http_sig.dispatch(request, call_next)
    except HTTPException as exc:
        return JSONResponse(status_code=exc.status_code, content={"detail": exc.detail})


@app.post("/echo")
async def echo(payload: dict) -> dict:
    return payload


def create_signature(secret: str, body: bytes) -> str:
    digest = hmac.new(secret.encode(), body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


if __name__ == "__main__":
    client = TestClient(app)

    body = json.dumps({"message": "hello"}).encode()
    signature = create_signature("supersecret", body)

    ok = client.post(
        "/echo",
        data=body,
        headers={
            "X-Signature": signature,
            "Content-Type": "application/json",
        },
    )
    assert ok.status_code == 200
    print("Verified response:", ok.json())

    bad = client.post(
        "/echo",
        data=body,
        headers={
            "X-Signature": "tampered",
            "Content-Type": "application/json",
        },
    )
    assert bad.status_code == 401
    print("Unauthorized status:", bad.status_code)

Want to help?

If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_middleware_httpsig-0.8.0.dev37.tar.gz (7.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file swarmauri_middleware_httpsig-0.8.0.dev37.tar.gz.

File metadata

  • Download URL: swarmauri_middleware_httpsig-0.8.0.dev37.tar.gz
  • Upload date:
  • Size: 7.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.4 {"installer":{"name":"uv","version":"0.10.4","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_middleware_httpsig-0.8.0.dev37.tar.gz
Algorithm Hash digest
SHA256 c975cd0b5fff7463dd7869bcb5b11f24708fcb6bed8f83f25cf34c6e34491217
MD5 ed104497c6247fe9d635d49080dc57a7
BLAKE2b-256 23f702568bcf20939574ae1d9dbdf642e102901aaca142413b2f12271e3db370

See more details on using hashes here.

File details

Details for the file swarmauri_middleware_httpsig-0.8.0.dev37-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_middleware_httpsig-0.8.0.dev37-py3-none-any.whl
  • Upload date:
  • Size: 8.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.4 {"installer":{"name":"uv","version":"0.10.4","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_middleware_httpsig-0.8.0.dev37-py3-none-any.whl
Algorithm Hash digest
SHA256 e4ea189fc04a364d3e61b34b2325a491f96406f0a1296587adfd9ff8d397de83
MD5 8acc98dbe7dc2f3398df4750cdfa2651
BLAKE2b-256 2622e23b2e3159898eed94d19837bfe84dab1240723ecfe364174cab2354e2f8

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page