Docker>> dwt>> 返回
项目作者: enodari

项目描述 :
HMAC-SHA256 expiring tokens
高级语言: Python
项目地址: git://github.com/enodari/dwt.git
创建时间: 2019-02-27T15:16:17Z
项目社区:https://github.com/enodari/dwt
开源协议:MIT License
下载


dwt

Generate and check HMAC-SHA256 expiring tokens.

It’s similar to JWT, but:

  • HS256 only.
  • no header.
  • no payload, only a short expiration time.

So why I made it? It was fun. It’s not meant to be used in a production environment.

Installation

  1. $ git clone https://github.com/enodari/dwt.git && cd dwt/
  2. $ pip install -e .

Usage Example

  1. import dwt
  3. KEY = 'you-should-use-a-long-key'
  5. token = dwt.issue(KEY, ttl=5)
  6. dwt.check(KEY, token)

Remember to always use a strong key (256-bit minimum).

SSO demo

You can use dwt to issue and check tokens for a simple, single-user (clearly not production ready) SSO client/server.

  1. import dwt
  3. from flask import Flask, make_response, redirect, request
  5. KEY = 'you-should-use-a-long-key'
  7. app = Flask('app')  # run this app on port 8000
  8. sso = Flask('sso')  # run this app on port 5000
  11. @app.route('/')
  12. def hello_world():
  13.     token = request.cookies.get('token')
  15.     if not dwt.check(KEY, token):
  16.         return redirect('http://127.0.0.1:5000/?next=http://127.0.0.1:8000')
  18.     return 'Hello, World!'
  21. @sso.route('/', methods=['GET', 'POST'])
  22. def login_page():
  23.     if request.method == 'POST':
  24.         if request.form.get('pass', '') == 'TEST':
  25.             response = make_response(redirect(request.form.get('next', '')))
  26.             response.set_cookie('token', dwt.issue(KEY, ttl=60))  # expires in a minute
  28.             return response
  30.     return '''<form method=POST>
  31.                   <input type=password name=pass>
  32.                   <input type=hidden name=next value={}>
  33.                   <input type=submit value=go>
  34.               </form>'''.format(request.args.get('next'))

License

MIT