Bennett/g0v0-server
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e0a386934ecd0fa2c238465929c02fc46b6ef4c1
g0v0-server/app/router/private/router.py
MingxuanGame 8acd4578e2 feat(private): initialize private API
2025-08-11 14:41:07 +00:00

40 lines
1.0 KiB
Python
Raw Blame History

from __future__ import annotations
import hashlib
import hmac
import time
from app.config import settings
from fastapi import APIRouter, Depends, Header, HTTPException, Request
async def verify_signature(
request: Request,
ts: int = Header(..., alias="X-Timestamp"),
nonce: str = Header(..., alias="X-Nonce"),
signature: str = Header(..., alias="X-Signature"),
):
path = request.url.path
data = await request.body()
body = data.decode("utf-8")
py_ts = ts // 1000
if abs(time.time() - py_ts) > 30:
raise HTTPException(status_code=403, detail="Invalid timestamp")
payload = f"{path}|{body}|{ts}|{nonce}"
expected_sig = hmac.new(
settings.private_api_secret.encode(), payload.encode(), hashlib.sha256
).hexdigest()
if not hmac.compare_digest(expected_sig, signature):
raise HTTPException(status_code=403, detail="Invalid signature")
router = APIRouter(
prefix="/api/private",
dependencies=[Depends(verify_signature)],
include_in_schema=False,
)
Reference in New Issue View Git Blame Copy Permalink