
HTTP signature verification middleware for Swarmauri

Project description



Swarmauri Middleware HttpSig

HttpSigMiddleware verifies a base64-encoded HMAC-SHA256 signature on every incoming request body. The middleware compares the provided signature (default header X-Signature) with one generated from the request payload using a shared secret. Missing or incorrect signatures are rejected with 401.

Features

  • Validates request payloads with an HMAC-SHA256 digest
  • Uses constant-time comparisons to mitigate timing attacks
  • Configurable signature header via the header_name argument
  • Logs and rejects requests that do not supply a valid signature
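
The check described above, written out as a standalone verifier covering the failure cases a caller can hit. This is an added example, not the package's own implementation; `sign`, `verify`, `run_cases`, the plain header dict, the `X-Custom-Sig` header name and the sample secret and body are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample values for this example only.
SECRET = b"supersecret"
BODY = b'{"message": "hello"}'


def sign(secret: bytes, body: bytes) -> str:
    """Base64-encoded HMAC-SHA256 of the raw request body."""
    return base64.b64encode(hmac.new(secret, body, hashlib.sha256).digest()).decode()


def verify(secret: bytes, body: bytes, headers: dict,
           header_name: str = "X-Signature") -> int:
    """Return the status a verifier of this scheme would answer with (200 or 401)."""
    provided = headers.get(header_name)
    if not provided:
        return 401  # signature header missing or empty
    try:
        # Decode to raw bytes first: a non-ASCII or malformed header value
        # is rejected here instead of raising inside compare_digest.
        provided_digest = base64.b64decode(provided.encode("utf-8"), validate=True)
    except (binascii.Error, ValueError):
        return 401  # header is not valid base64
    expected_digest = hmac.new(secret, body, hashlib.sha256).digest()
    # compare_digest takes time independent of where the two values differ.
    return 200 if hmac.compare_digest(provided_digest, expected_digest) else 401


def run_cases() -> dict:
    good = sign(SECRET, BODY)
    return {
        "valid": verify(SECRET, BODY, {"X-Signature": good}),
        "missing": verify(SECRET, BODY, {}),
        "tampered_signature": verify(SECRET, BODY, {"X-Signature": "tampered"}),
        "tampered_body": verify(SECRET, BODY + b" ", {"X-Signature": good}),
        "wrong_secret": verify(b"other", BODY, {"X-Signature": good}),
        "not_base64": verify(SECRET, BODY, {"X-Signature": "not base64!!"}),
        "custom_header": verify(SECRET, BODY, {"X-Custom-Sig": good},
                                header_name="X-Custom-Sig"),
    }


if __name__ == "__main__":
    for name, status in run_cases().items():
        print(f"{name}: {status}")
```

The signature is computed over the exact bytes sent, so the client must sign the serialized body it transmits rather than re-serializing the JSON afterwards.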

Installation

Choose the tool that matches your workflow:

# pip
pip install swarmauri_middleware_httpsig

# Poetry
poetry add swarmauri_middleware_httpsig

# uv
uv add swarmauri_middleware_httpsig

Example

The snippet below wires the middleware into FastAPI via the @app.middleware decorator, signs a request body, and demonstrates the 401 response that occurs when a tampered signature is supplied. The middleware raises HTTPException, so the example also converts those errors to JSON responses.

import base64
import hashlib
import hmac
import json

from fastapi import FastAPI, HTTPException, Request
from fastapi.testclient import TestClient
from fastapi.responses import JSONResponse

from swarmauri_middleware_httpsig import HttpSigMiddleware


app = FastAPI()
# Demo secret only; load the real shared secret from configuration or a secret store.
http_sig = HttpSigMiddleware(secret_key="supersecret")


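@app.middleware("http")
async def verify_signature(request: Request, call_next):
    # HttpSigMiddleware raises HTTPException on a missing or invalid signature;
    # convert it to a JSON response so the client receives the 401.
    try:
        return await http_sig.dispatch(request, call_next)
    except HTTPException as exc:
        return JSONResponse(status_code=exc.status_code, content={"detail": exc.detail})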


@app.post("/echo")
async def echo(payload: dict) -> dict:
    return payload


def create_signature(secret: str, body: bytes) -> str:
    # Client side: HMAC-SHA256 over the raw body bytes, base64-encoded for the header.
    digest = hmac.new(secret.encode(), body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


if __name__ == "__main__":
    client = TestClient(app)

    body = json.dumps({"message": "hello"}).encode()
    signature = create_signature("supersecret", body)

    ok = client.post(
        "/echo",
        data=body,
        headers={
            "X-Signature": signature,
            "Content-Type": "application/json",
        },
    )
    assert ok.status_code == 200
    print("Verified response:", ok.json())

    bad = client.post(
        "/echo",
        data=body,
        headers={
            "X-Signature": "tampered",
            "Content-Type": "application/json",
        },
    )
    assert bad.status_code == 401
    print("Unauthorized status:", bad.status_code)

Want to help?

If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.

Project details


Download files


Source Distribution

swarmauri_middleware_httpsig-0.8.0.dev43.tar.gz (7.8 kB view details)

Uploaded Source

Built Distribution


File details

Details for the file swarmauri_middleware_httpsig-0.8.0.dev43.tar.gz.

File metadata

  • Download URL: swarmauri_middleware_httpsig-0.8.0.dev43.tar.gz
  • Upload date:
  • Size: 7.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_middleware_httpsig-0.8.0.dev43.tar.gz
Algorithm Hash digest
SHA256 a67682302bf5523e5b73c578d629b14adcba4c2952db24236d1e98c875bc0192
MD5 e096f2901f6a2a1f9d810418775355e9
BLAKE2b-256 03d486f246a6eff7454163b5926f61d444c5aaab2d228911f634ab550d5da89a


File details

Details for the file swarmauri_middleware_httpsig-0.8.0.dev43-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_middleware_httpsig-0.8.0.dev43-py3-none-any.whl
  • Upload date:
  • Size: 8.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_middleware_httpsig-0.8.0.dev43-py3-none-any.whl
Algorithm Hash digest
SHA256 165c8f96ac913dcea6f0a99b64a785a35d4f6f471bed8dd8ee0947c854aecf5b
MD5 57c8798e79228a9395f8891074e5b038
BLAKE2b-256 ec5eacef80fd6a32943004cf347ccf8d8d018b3f87314662d9c845958ee816d3
