# middleware.py
import hashlib
import hmac
from django.http import JsonResponse
from ai_api.models import APIClient

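class HMACAuthMiddleware:
    """Authenticate ``/api/`` requests with a per-client HMAC-SHA256 signature.

    Callers send ``X-Client-ID`` and ``X-Signature``; the signature must be
    the hex HMAC-SHA256 of the raw request body, keyed with the client's
    ``secret_key``. On success the matching ``APIClient`` is attached to the
    request as ``request.api_client``. Paths outside ``/api/`` pass through
    unauthenticated.

    NOTE(review): the MAC covers only the raw body. Method, path, query
    string and any timestamp/nonce are not bound into it, so a valid
    signature is accepted on every ``/api/`` endpoint and can be re-sent
    later; all empty-body requests from one client share one signature.
    Binding those fields needs a coordinated change on the client side.
    """

    def __init__(self, get_response):
        """Store the next handler in the Django middleware chain."""
        self.get_response = get_response

    def __call__(self, request):
        """Verify the request signature, or return a 401 ``JsonResponse``."""
        # Only the API surface is signed; everything else (admin, static,
        # ...) is handed to the rest of the chain untouched.
        if not request.path.startswith('/api/'):
            return self.get_response(request)

        client_id = request.headers.get('X-Client-ID')
        signature = request.headers.get('X-Signature')

        if not client_id or not signature:
            return JsonResponse({'error': 'Missing credentials'}, status=401)

        # NOTE(review): the distinct 'Invalid client ID' / 'Invalid signature'
        # messages reveal whether a client ID exists; consider one generic
        # message if no consumer depends on the text.
        try:
            client = APIClient.objects.get(client_id=client_id)
        except APIClient.DoesNotExist:
            return JsonResponse({'error': 'Invalid client ID'}, status=401)

        expected_signature = hmac.new(
            client.secret_key.encode(),
            request.body,
            hashlib.sha256
        ).hexdigest()

        # Compare as bytes: hmac.compare_digest() raises TypeError for str
        # arguments containing non-ASCII characters, which would turn a
        # malformed X-Signature header into an unhandled 500 instead of a 401.
        if not hmac.compare_digest(
            expected_signature.encode(), signature.encode()
        ):
            return JsonResponse({'error': 'Invalid signature'}, status=401)

        request.api_client = client
        return self.get_response(request)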