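def authenticate(self, request):
    """Validate the HMAC-signed query parameters and attach a session.

    The ``company`` and ``expires`` query values are joined as
    ``"<company>:<expires>"`` and signed with HMAC-SHA256 under
    ``self.settings.user_auth_key``. The resulting hex digest must equal
    the ``signature`` query value. On a matching signature
    ``self.session`` is set, and the expiry is checked afterwards.

    Raises:
        HTTPForbidden: with text 'Invalid token' when the signature does
            not match, or 'token expired' when the session's ``expires``
            is earlier than the current UTC time.
    """
    company = request.query.get('company', None)
    expires = request.query.get('expires', None)
    # A missing parameter is formatted as the literal string 'None' here, so
    # such a request is only rejected because its signature will not match.
    body = f'{company}:{expires}'.encode()
    expected_sig = hmac.new(self.settings.user_auth_key, body, hashlib.sha256).hexdigest()
    signature = request.query.get('signature', '-')
    # Compare as bytes: compare_digest() raises TypeError when given a str
    # containing non-ASCII characters. The signature is client-controlled, so
    # a str comparison would turn a malformed token into an unhandled error
    # instead of a 403.
    if not secrets.compare_digest(expected_sig.encode(), signature.encode()):
        raise HTTPForbidden(text='Invalid token')
    # NOTE(review): self.session is assigned before the expiry check, so an
    # expired session stays on the instance if a caller catches the error.
    self.session = Session(
        company=company,
        expires=expires,
    )
    # NOTE(review): assumes Session converts `expires` to a timezone-aware
    # datetime; confirm against the Session definition.
    if self.session.expires < datetime.now(timezone.utc):
        raise HTTPForbidden(text='token expired')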