70 lines
1.7 KiB
Python
70 lines
1.7 KiB
Python
# Copyright 2014, Ian Gulliver
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
import hashlib
|
|
import hmac
|
|
import random
|
|
import string
|
|
|
|
from google.appengine.api import memcache
|
|
from google.appengine.ext import db
|
|
|
|
|
|
class BadSignature(Exception):
|
|
pass
|
|
|
|
|
|
class AuthKey(db.Model):
|
|
auth_key = db.ByteStringProperty(required=True)
|
|
live = db.BooleanProperty(required=True, default=True)
|
|
|
|
|
|
_KEY_CHARS = string.ascii_letters + string.digits
|
|
_KEY_LENGTH = 64
|
|
|
|
def GetAuthKey():
|
|
auth_key = memcache.get('auth_key')
|
|
if auth_key:
|
|
return auth_key
|
|
|
|
for key in AuthKey.all().filter('live =', True):
|
|
auth_key = key.auth_key
|
|
|
|
if not auth_key:
|
|
auth_key = ''.join(random.choice(_KEY_CHARS) for _ in xrange(_KEY_LENGTH))
|
|
AuthKey(auth_key=auth_key).put()
|
|
|
|
memcache.set('auth_key', auth_key)
|
|
return auth_key
|
|
|
|
|
|
def Sign(value):
|
|
sig = hmac.new(GetAuthKey(), str(value), hashlib.sha512)
|
|
return '%s:%s' % (value, sig.hexdigest())
|
|
|
|
|
|
def Parse(token):
|
|
if not token:
|
|
return None
|
|
value, sig_digest = token.split(':', 1)
|
|
if token != Sign(value):
|
|
raise BadSignature
|
|
return value
|
|
|
|
|
|
def ParseKey(token):
|
|
if not token:
|
|
return None
|
|
return db.Key(encoded=Parse(token))
|