Skip to main content

HTTP signature verification middleware for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_middleware_httpsig


Swarmauri Middleware HttpSig

HttpSigMiddleware verifies a base64-encoded HMAC-SHA256 signature on every incoming request body. The middleware compares the provided signature (default header X-Signature) with one generated from the request payload using a shared secret. Missing or incorrect signatures are rejected with 401.

Features

  • Validates request payloads with an HMAC-SHA256 digest
  • Uses constant-time comparisons to mitigate timing attacks
  • Configurable signature header via the header_name argument
  • Logs and rejects requests that do not supply a valid signature

Installation

Choose the tool that matches your workflow:

# pip
pip install swarmauri_middleware_httpsig

# Poetry
poetry add swarmauri_middleware_httpsig

# uv
uv add swarmauri_middleware_httpsig

Example

The snippet below wires the middleware into FastAPI via the @app.middleware decorator, signs a request body, and demonstrates the 401 response that occurs when a tampered signature is supplied. The middleware raises HTTPException, so the example also converts those errors to JSON responses.

import base64
import hashlib
import hmac
import json

from fastapi import FastAPI, HTTPException, Request
from fastapi.testclient import TestClient
from fastapi.responses import JSONResponse

from swarmauri_middleware_httpsig import HttpSigMiddleware


app = FastAPI()
http_sig = HttpSigMiddleware(secret_key="supersecret")


@app.middleware("http")
async def verify_signature(request: Request, call_next):
    try:
        return await http_sig.dispatch(request, call_next)
    except HTTPException as exc:
        return JSONResponse(status_code=exc.status_code, content={"detail": exc.detail})


@app.post("/echo")
async def echo(payload: dict) -> dict:
    return payload


def create_signature(secret: str, body: bytes) -> str:
    digest = hmac.new(secret.encode(), body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


if __name__ == "__main__":
    client = TestClient(app)

    body = json.dumps({"message": "hello"}).encode()
    signature = create_signature("supersecret", body)

    ok = client.post(
        "/echo",
        data=body,
        headers={
            "X-Signature": signature,
            "Content-Type": "application/json",
        },
    )
    assert ok.status_code == 200
    print("Verified response:", ok.json())

    bad = client.post(
        "/echo",
        data=body,
        headers={
            "X-Signature": "tampered",
            "Content-Type": "application/json",
        },
    )
    assert bad.status_code == 401
    print("Unauthorized status:", bad.status_code)

Want to help?

If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_middleware_httpsig-0.8.0.dev40.tar.gz (7.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file swarmauri_middleware_httpsig-0.8.0.dev40.tar.gz.

File metadata

  • Download URL: swarmauri_middleware_httpsig-0.8.0.dev40.tar.gz
  • Upload date:
  • Size: 7.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.8 {"installer":{"name":"uv","version":"0.10.8","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_middleware_httpsig-0.8.0.dev40.tar.gz
Algorithm Hash digest
SHA256 5add2ecc21c405014fd274e7a17caf2410f13418061a74bb73f3847dbe799892
MD5 a19966c97ada46485d90fe5759ea8171
BLAKE2b-256 0cec278460d2d812f484e1834beda8f0fb91e6f172df974736ba8a43f0c96ba8

See more details on using hashes here.

File details

Details for the file swarmauri_middleware_httpsig-0.8.0.dev40-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_middleware_httpsig-0.8.0.dev40-py3-none-any.whl
  • Upload date:
  • Size: 8.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.8 {"installer":{"name":"uv","version":"0.10.8","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_middleware_httpsig-0.8.0.dev40-py3-none-any.whl
Algorithm Hash digest
SHA256 6098c9e0b3c060e28cb8fa9627e3a383ebf78c7188ff8357f7fe6039b0b8df0c
MD5 89c8dda8dc0a2dcb2c98a3df0177f762
BLAKE2b-256 f79897c66f67ed2570ae8c172f20998d4860b8083bfd55bfe6bdda98852ede1d

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page