Mercurial > code > home > repos > video
annotate signature_gen.py @ 49:1bd17c2e5517 default tip
video.py must sign video urls for serve-files.js to serve them
| author | drewp@bigasterisk.com |
|---|---|
| date | Fri, 06 Dec 2024 17:13:51 -0800 |
| parents | |
| children |
| rev | line source |
|---|---|
|
49
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
1 import base64 |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
2 import json |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
3 import logging |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
4 from pathlib import Path |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
5 import time |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
6 |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
7 from Crypto.Cipher import AES |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
8 from Crypto.Random import get_random_bytes |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
9 from Crypto.Util.Padding import pad |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
10 |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
11 log = logging.getLogger() |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
12 |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
13 |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
14 SIGNATURE_KEY = Path('/secret/signature_key').read_bytes() |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
15 |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
16 def _encrypt_data(data: bytes, key: bytes) -> str: |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
17 iv = get_random_bytes(12) |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
18 cipher = AES.new(key, AES.MODE_GCM, iv) |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
19 ciphertext, tag = cipher.encrypt_and_digest(pad(data, AES.block_size)) |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
20 return base64.b64encode(iv + ciphertext + tag).decode('utf-8') |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
21 |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
22 |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
23 def makePlaybackSig(user: str, webDataPath: str, lifeSeconds=3600) -> str: |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
24 msg = [user, webDataPath, int(time.time() + lifeSeconds)] |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
25 return _encrypt_data( |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
26 json.dumps(msg).encode('utf-8'), SIGNATURE_KEY) |