5 from hashlib import sha256
8 FILEPCIKER_SECRET = os.environ['FILEPCIKER_SECRET']
10 def encode_fp_policy(policy):
11 """ Return URL-safe Base64 encoded JSON Filepicker policy. """
12 # Validate the JSON before trying to sign it and send it off to FP. It'll
13 # be easier to trap exceptions in Python than read errors out of FP.
15 # drop an exception bomb if the policy is not valid JSON.
16 pypolicy = json.loads(policy)
17 # ensure expiry is included. drop excepbomb if it isn't.
20 # https://developers.inkfilepicker.com/docs/security/#signPolicy
22 return base64.urlsafe_b64encode(policy)
24 def sign_fp_policy(policy):
25 """ Return a signature appropriate for the given encoded policy. """
26 # https://developers.inkfilepicker.com/docs/security/#signPolicy
28 engine = hmac.new(FILEPCIKER_SECRET, digestmod=sha256)
30 return engine.hexdigest()