From 14144fe98a997792dd2c17fbe1cb395ed4e10054 Mon Sep 17 00:00:00 2001
From: Joshua Yin <joshua.yin@ucloud.cn>
Date: Wed, 9 Jan 2019 15:45:08 +0800
Subject: [PATCH] =?UTF-8?q?=E4=B8=8A=E4=BC=A0Ufile=20Auth-Server=20for=20P?=
 =?UTF-8?q?ython?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ufile-auth-server-python/server/__init__.py   |   1 +
 .../__pycache__/__init__.cpython-37.pyc       | Bin 0 -> 190 bytes
 .../__pycache__/authroization.cpython-37.pyc  | Bin 0 -> 3005 bytes
 .../server/auth_server.py                     |  55 +++++++++++
 .../server/authroization.py                   |  91 ++++++++++++++++++
 ufile-auth-server-python/venv/pyvenv.cfg      |   3 +
 6 files changed, 150 insertions(+)
 create mode 100644 ufile-auth-server-python/server/__init__.py
 create mode 100644 ufile-auth-server-python/server/__pycache__/__init__.cpython-37.pyc
 create mode 100644 ufile-auth-server-python/server/__pycache__/authroization.cpython-37.pyc
 create mode 100644 ufile-auth-server-python/server/auth_server.py
 create mode 100644 ufile-auth-server-python/server/authroization.py
 create mode 100644 ufile-auth-server-python/venv/pyvenv.cfg

diff --git a/ufile-auth-server-python/server/__init__.py b/ufile-auth-server-python/server/__init__.py
new file mode 100644
index 0000000..1f356cc
--- /dev/null
+++ b/ufile-auth-server-python/server/__init__.py
@@ -0,0 +1 @@
+__version__ = '1.0.0'
diff --git a/ufile-auth-server-python/server/__pycache__/__init__.cpython-37.pyc b/ufile-auth-server-python/server/__pycache__/__init__.cpython-37.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..2fe8aa66f1dd1a3ad34fd5f21f21e9e1051c0f44
GIT binary patch
literal 190
zcmZ?b<>g`k0>eg=7%?FI7{q}AMj*ohh>JOZL<&O`LkeRsgC<iItD&BOo`Ihx<1Oy^
z__EZZ;>`TK`1q9!MNB|-VB%MherPdJLO(0NIHNRCKRmxEySN}RIaS{aA`npNoRL_R
zt6!RynUkuUSXz>y3ses@OSho1BqKjhAHvg*kI&4@EQycTE2zB1VUwGmQks)$2Xa?2
H5HkP(k)<-j

literal 0
HcmV?d00001

diff --git a/ufile-auth-server-python/server/__pycache__/authroization.cpython-37.pyc b/ufile-auth-server-python/server/__pycache__/authroization.cpython-37.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..ff5fc3445c87864de0429393a2e55e60635906f3
GIT binary patch
literal 3005
zcmcIm%~RV(6yMdig`qSb5HfA*Or~L+3>aF1LniGckS_w`p%6pjwxbHKz{0WxyK)>n
z%ArHfolXxun?n!%mvrc*r~C^!^*zZ5Ore*y(&)Y2w@+_(-|xM*J3lyR5_o?6?ap`C
zvV{DJoufyF#sm1oED%N*^++Y*v_hdTc~V2J$doX-qA;bRJ|#?L+B?Fu1F51hx<>N)
zd-#`>@-$LJ&7SVuU)q}W+b@GsWzB8yDZW~4&pGYc#j4ksZWq7&X8!K&opRk>FV<de
z&%X-R@64ArO4G|;sa*HJ>O7cRnwt)minZ$Q!jt9Ob5qaS>-D?d({lSc-`m^iY?b}i
zqenBv)nzW`wx-LCU}pQ}o8t0Ddw!<=xY%k`aWzMe1dRvq2_z1|Jyj%^RAfe(^p3!u
zWTpUDlU>1%bY?(bXBlP!H`oBn0?)8P*y&J|eb@?W+;=;6;PWb4#|JrjasfVZ1xQFk
zVv&F{;5%f598mBe0Si*8GxY6_@S7I11N-}XpNqT{Wl}+;?sB&ofJ_mNx5X8(^*iA@
zun!xBvT(R4?D(SAvI`qNuZvx~>J*+Qf|dP+n#~)9)|Trz6E>`K0`y-yd}4P$sQJx8
z(ktLdvIEy|PVVkUhGn@;H?S-S4kB<$LN(gCd~&OkM><uC<M3cirF;GZIw9$jL-Lk}
zu<J2!18`{!_6#1NU5Uwu^sUruE6|pEZ57%|s4!AD_%o(KJJHucu7+wX{{iG`Pi}x*
z3$<AO2IN{#o&mWY>aqN1kn5qu%uy1mqa@}^k825kYlMJpC_`@mwDeI@Bp@SQIm8(<
zEF0h-gD{pEMdXG`9Jl@+Nu)I#a4Czl%~rMU1W~r?Hv^{`Si%0T6Om}(sNZ0BA_bs!
zBDwDDN7Vd43mv_@;Q1|<`#|sI)##>m($SVxtvS^?idLPymdhQsVspD8;#i2}ZJ6!K
zsXv6f-L!)icOrA8JiolSU@bj<l{dMDOI2fgd;r=U0p^29K0-2#<YOR_-dk^!No~bJ
zmk<M0Myj?~ZF#U2T-(~wlxRcT0z#;Puau?u8dN!h=IABKq@5clH#~W^-89ZH_Aw^o
z-0DE%-^5vP6m{AmJ;3;q7$6_Vh%rjyxXQ#a0hot?Kg0yYS62x^A7a2vVt`}ppYUkn
zLg&pcpd~u8X`1{3YFq>Y08gEQD+XkRyRX5QW$v8=H6MY$BUuETkD?tthLew>;bSmy
zYW^vbt4PpUCos#UzU`kbP5(UTi%UTI(Ho}2fK+GVY@E)ql_G{!A*~Fn(18qv>IeBf
zgy#kJx=<S+%dl2}T-*XK*Cjs5lyn^Hf&}>B_;cVmUSirBVLBjTl=9M(&KRbMBZAzf
z&-QazMRTsmHCvvSxM&C_N4?AANxqKbFz=<+^*9}p;Utawhx5`4o*0NzFUBJ;Cny{P
z(C_ie*tz*zgtZ6^3qnn*K$;B4DFRgL-0XAoxh7H%t6(Md@UPJMZ#~>Y2rIB0$}s{v
zz!8BaGg5@G;`S=H_$iP=<sd=v7iI!V1AtQY|3@jVUkKubaVW6;2*!zlV<Y3e<m?|$
z5tfe;=AVH(^Xh4skMryl;5T|`^(RGt>3#$z#Wf&*gC1&R5(bwr45rQsgMTudUO+Gy
zFenz_6JG!c;0l75jsT9{K<+As&_^1mhjLegV_FLIt`R~Kb~B8|#SN||YAe{9xC<u-
z+KQA~!>&eh(`iQoE31p^4_`dSgC)|OX4Pj7$6HUNF?Sm>5Kcl{II}a+1rgXyW^-n3
z&dwx?pyS{VN6CYgs$!sV3+m;mnpGLFtn>`p08N3X7?!82Qs>Gk2c?RoyouMCrrmHX
zD>5ys;j@;9?W|?(wQMgLNnp-^J^l%j9FogO5S_Tro>)$dG@gAN-HU$-tOszkNrqyK
z8AHaPaWNi);(QbJt^<kmnk{OcyBYh3<86@NK!QfjvK|@tlhuBWR||n>3!bD|Nui4T
E7p8XHqW}N^

literal 0
HcmV?d00001

diff --git a/ufile-auth-server-python/server/auth_server.py b/ufile-auth-server-python/server/auth_server.py
new file mode 100644
index 0000000..4986995
--- /dev/null
+++ b/ufile-auth-server-python/server/auth_server.py
@@ -0,0 +1,55 @@
+import json
+
+from flask import Flask
+from flask import request
+from server.authroization import Authroizator
+
+app = Flask(__name__)
+
+
+@app.route('/applyAuth', methods=['POST'])
+def applyAuth():
+    error = None
+    print("[request]:%s" % request)
+    headers = request.headers
+    print("[headers]:%s" % headers)
+    data = request.get_data()
+    print("[body]:%s" % data)
+
+    checkRes = checkRequestParams(data)
+    if not checkRes[0]:
+        return checkRes[1]
+    json_data = checkRes[1]
+    auth = Authroizator(json_data)
+
+    return auth.calculateAuthSignature()
+
+
+@app.route('/applyPrivateUrlAuth', methods=['POST'])
+def applyPrivateUrlAuth():
+    error = None
+    print("[request]:%s" % request)
+    headers = request.headers
+    print("[headers]:%s" % headers)
+    data = request.get_data()
+    print("[body]:%s" % data)
+
+    checkRes = checkRequestParams(data)
+    if not checkRes[0]:
+        return checkRes[1]
+    json_data = checkRes[1]
+    auth = Authroizator(json_data)
+
+    return auth.calculatePrivateUrlAuthroization()
+
+
+def checkRequestParams(data):
+    # 参数为空
+    if data is None or data == b'':
+        return False, "Request body is null!"
+
+    return True, json.loads(data.decode('utf-8'))
+
+
+if __name__ == '__main__':
+    app.run(host='localhost', port='8000', debug=True)
diff --git a/ufile-auth-server-python/server/authroization.py b/ufile-auth-server-python/server/authroization.py
new file mode 100644
index 0000000..a47f40e
--- /dev/null
+++ b/ufile-auth-server-python/server/authroization.py
@@ -0,0 +1,91 @@
+import base64
+import hmac
+from hashlib import sha1
+
+PUBLIC_KEY = 'Kf6owXtNZSimr0rR7w9ew6Iclm1w73QB8+jUkiV7hXgBYtV5BNWN1LlNUko='
+PRIVATE_KEY = '9K91tK7hcpCFL+90HwVk8lGUwJrqqjzfUouDD47RLrs9f1Umt4gXx7LWwB4kE7um'
+
+
+class Authroizator:
+    json_data = {}
+
+    def __init__(self, json_data):
+        self.json_data = json_data
+        print("[json_data]:%s" % self.json_data)
+
+    def calculateAuthSignature(self):
+        check = self.__checkAuthRequiredParams()
+        if not check[0]:
+            return check[1]
+
+        method = self.json_data.get('method')
+        bucket = self.json_data.get('bucket')
+        content_type = self.json_data.get('content_type')
+        if content_type is None:
+            content_type = ''
+        content_md5 = self.json_data.get('content_md5')
+        if content_md5 is None:
+            content_md5 = ''
+        date = self.json_data.get('date')
+        if date is None:
+            date = ''
+        key = self.json_data.get('key')
+        if key is None:
+            key = ''
+        content = method + '\n' + content_md5 + '\n' + content_type + '\n' + date + '\n'
+        content += '/' + bucket + '/' + key
+
+        signature = self.__signature(content)
+        return 'UCloud ' + PUBLIC_KEY + ':' + signature
+
+    def calculatePrivateUrlAuthroization(self):
+        check = self.__checkPrivateUrlAuthRequiredParams()
+        if not check[0]:
+            return check[1]
+
+        method = self.json_data.get('method')
+        bucket = self.json_data.get('bucket')
+        key = self.json_data.get('key')
+        expires = str(self.json_data.get('expires'))
+        content = method + '\n\n\n' + expires + '\n'
+        content += '/' + bucket + '/' + key
+
+        return self.__signature(content)
+
+    def __checkAuthRequiredParams(self):
+        if self.json_data is None:
+            return False, "Request body json is null"
+
+        method = self.json_data.get('method')
+        if method is None or method == '':
+            return False, "'method' is required!"
+        bucket = self.json_data.get('bucket')
+        if bucket is None or bucket == '':
+            return False, "'bucket' is required!"
+
+        return True, ''
+
+    def __checkPrivateUrlAuthRequiredParams(self):
+        if self.json_data is None:
+            return False, "Request body json is null"
+
+        method = self.json_data.get('method')
+        if method is None or method == '':
+            return False, "'method' is required!"
+        bucket = self.json_data.get('bucket')
+        if bucket is None or bucket == '':
+            return False, "'bucket' is required!"
+        key = self.json_data.get('key')
+        if key is None or key == '':
+            return False, "'key' is required!"
+        expires = self.json_data.get('expires')
+        if expires is None or str(expires) == '':
+            return False, "'expires' is required!"
+
+        return True, ''
+
+    def __signature(self, content):
+        print(content)
+        hmac_res = hmac.new(PRIVATE_KEY.encode(), content.encode(), sha1).digest()
+
+        return base64.standard_b64encode(hmac_res).decode('utf-8')
diff --git a/ufile-auth-server-python/venv/pyvenv.cfg b/ufile-auth-server-python/venv/pyvenv.cfg
new file mode 100644
index 0000000..804227b
--- /dev/null
+++ b/ufile-auth-server-python/venv/pyvenv.cfg
@@ -0,0 +1,3 @@
+home = /usr/local/bin
+include-system-site-packages = true
+version = 3.7.2