EscherPython

Installation

Use Python 3.6 or above. Create a local envirioment. Use pip to install escher lib of python. This is a wrapper for the go implementation. This packages requires glibc which makes it unusable with musl libc (e.g.: in alpine linux)

pip install escherauth-go

Usage

After install the package it is ready to be use. See below the examples. The request and response type come from Flask package.

Signing a Request

You can validate a request signed by the methods described above. For that you will need a database of the access keys and secrets of your clients. Escher accepts any kind of object as a key database that implements the ArrayAccess interface.

from flask import Flask, request
from escherauth_go.escher_validator import EscherValidator
from escherauth_go.escher_signer import EscherSignerError

validator = EscherValidator('eu/suite/ems_request',
                            [{'keyId':'EscherExample', 'secret':'Secret', 'acceptOnly':0}],
                            authHeaderName='X-Ems-Auth',
                            dateHeaderName='X-Ems-Date')

def escher_validate(web_request):
    parsed_url = urlparse(web_request.url)
    url = (parsed_url.path + '?' + parsed_url.query).rstrip('?')
    validator.validateRequest(
        web_request.method,
        url,
        web_request.data.decode('utf-8'),
        web_request.headers
    )

 def validate_request(request):
     try:
         escher_validate(request)
     except EscherValidatorError as e:
         return Response('Authorization required {}'.format(e), HTTPStatus.UNAUTHORIZED)

Signing a Request

You can validate a request signed by the methods described above. For that you will need a database of the access keys and secrets of your clients. Escher accepts any kind of object as a key database that implements the ArrayAccess interface. (It also accepts plain arrays, however it is not recommended to use a php array for a database of API secrets - it’s just there to ease testing)

import requests
from escherauth_go.escher_signer import EscherSigner,

signer = EscherSigner('EscherExample', 'TheBeginningOfABeautifulFriendship', 'eu/suite/ems_request')

def sign_and_send(body):
    try:
        signed_headers = signer.signRequest(
            'POST',
            '/validate_request',
            body,
            {
                'host': 'localhost:5000'
            })
        signed_headers.update({'Content-Type':'application/json'})
        return requests.post('http://docker.for.mac.localhost:5001/validate_request', data=body, headers= signed_headers)
    except EscherSignerError as e:
        # Handle sign error