Instalation

Install package:

pip install djangohmac

Middleware

To secure all your app with HMAC you can use a middleware.

MIDDLEWARE_CLASSES = (
    # ...
    'djangohmac.middleware.HmacMiddleware',
)

Note

Middleware is applied on all views except the admin!

Decorators

You can specify views which are protected by HMAC by using decorators. You can also pass list of services which have access to the view. If the list is not given all services defined in settings have access.

class SignedView(View):

    @decorators.auth()
    def get(self, request):
        return HttpResponse("For all services")

    @decorators.auth(only=['serviceA'])
    def post(self, request):
        return HttpResponse("Only for service A")

Settings

Single key:

HMAC_SECRET = 'HMAC_SECRET'

Multiple keys:

HMAC_SECRETS = {
    'serviceA': 'HMAC_SERVICE_A_SECRET',
    'serviceB': 'HMAC_SERVICE_B_SECRET'
}

Other settings:

• HMAC_HEADER: HTTP header where signature is stored (Default: Signature)
• HMAC_DIGESTMOD: Digest mod (Default: hashlib.sha256)
• HMAC_DISABLE: Disable or enable HMAC True/False (Default: Enabled)