payfence 1.0.0__tar.gz

payfence-1.0.0/PKG-INFO

@@ -0,0 +1,9 @@
+Metadata-Version: 2.4
+Name: payfence
+Version: 1.0.0
+Summary: PayFence SDK for Python — API monetization middleware
+License: MIT
+Project-URL: Homepage, https://payfence.io
+Project-URL: Documentation, https://docs.payfence.io
+Keywords: payfence,api,monetization,middleware
+Requires-Python: >=3.8

payfence-1.0.0/README.md

@@ -0,0 +1,54 @@
+# payfence
+
+Python SDK for API monetization via [PayFence](https://payfence.io).
+
+## Install
+
+```bash
+pip install payfence
+```
+
+## ASGI Middleware (FastAPI / Starlette)
+
+```python
+from fastapi import FastAPI
+from payfence import PayFenceMiddleware
+
+app = FastAPI()
+app.add_middleware(PayFenceMiddleware, api_key="your_site_api_key")
+```
+
+## Direct Authorize Call
+
+```python
+from payfence import authorize
+
+decision = authorize(
+    api_key="your_site_api_key",
+    token="pf_live_xxx",
+    method="GET",
+    path="/api/search",
+)
+
+if decision["decision"] == "allow":
+    # serve the request
+    pass
+```
+
+## HMAC Verification (Proxy Mode)
+
+```python
+from payfence import verify_signature
+
+valid = verify_signature(
+    secret="your_origin_secret",
+    method=request.method,
+    path=request.url.path,
+    timestamp=request.headers["x-payfence-timestamp"],
+    request_id=request.headers["x-payfence-request-id"],
+    body=await request.body(),
+    signature=request.headers["x-payfence-signature"],
+)
+```
+
+Zero external dependencies — uses only Python stdlib.

payfence-1.0.0/payfence/__init__.py

@@ -0,0 +1,5 @@
+from .client import authorize
+from .middleware import PayFenceMiddleware
+from .hmac_verify import verify_signature
+
+__all__ = ["authorize", "PayFenceMiddleware", "verify_signature"]

payfence-1.0.0/payfence/client.py

@@ -0,0 +1,30 @@
+import json
+import uuid
+from urllib.request import Request, urlopen
+from urllib.error import URLError
+from typing import Optional, Dict, Any
+
+
+def authorize(
+    api_key: str,
+    token: str,
+    method: str,
+    path: str,
+    request_id: Optional[str] = None,
+    base_url: str = "https://api.payfence.io",
+) -> Dict[str, Any]:
+    """Call PayFence authorize endpoint. Returns decision dict."""
+    url = f"{base_url.rstrip('/')}/v1/authorize"
+    payload = json.dumps({
+        "token": token,
+        "method": method,
+        "path": path,
+        "requestId": request_id or str(uuid.uuid4()),
+    }).encode()
+
+    req = Request(url, data=payload, method="POST")
+    req.add_header("Content-Type", "application/json")
+    req.add_header("Authorization", f"Bearer {api_key}")
+
+    with urlopen(req, timeout=10) as resp:
+        return json.loads(resp.read())

payfence-1.0.0/payfence/hmac_verify.py

@@ -0,0 +1,33 @@
+import hashlib
+import hmac
+import time
+from typing import Union
+
+
+def verify_signature(
+    secret: str,
+    method: str,
+    path: str,
+    timestamp: str,
+    request_id: str,
+    body: Union[str, bytes],
+    signature: str,
+    tolerance_seconds: int = 300,
+) -> bool:
+    """Verify a PayFence HMAC signature from proxy mode."""
+    try:
+        ts = int(timestamp)
+    except (ValueError, TypeError):
+        return False
+
+    if abs(time.time() - ts) > tolerance_seconds:
+        return False
+
+    if isinstance(body, str):
+        body = body.encode()
+
+    body_hash = hashlib.sha256(body).hexdigest()
+    canonical = f"{method}\n{path}\n{timestamp}\n{request_id}\n{body_hash}"
+    expected = hmac.new(secret.encode(), canonical.encode(), hashlib.sha256).hexdigest()
+
+    return hmac.compare_digest(signature, expected)

payfence-1.0.0/payfence/middleware.py

@@ -0,0 +1,83 @@
+import json
+import uuid
+import logging
+from typing import Optional, List, Callable
+from .client import authorize
+
+logger = logging.getLogger("payfence")
+
+
+class PayFenceMiddleware:
+    """ASGI middleware for PayFence authorization."""
+
+    def __init__(
+        self,
+        app,
+        api_key: str,
+        base_url: str = "https://api.payfence.io",
+        exclude_paths: Optional[List[str]] = None,
+        on_deny: Optional[Callable] = None,
+    ):
+        self.app = app
+        self.api_key = api_key
+        self.base_url = base_url
+        self.exclude_paths = exclude_paths or []
+        self.on_deny = on_deny
+
+    async def __call__(self, scope, receive, send):
+        if scope["type"] != "http":
+            return await self.app(scope, receive, send)
+
+        path = scope.get("path", "/")
+
+        # Skip excluded paths
+        if any(path.startswith(p) for p in self.exclude_paths):
+            return await self.app(scope, receive, send)
+
+        # Extract bearer token from headers
+        headers = dict(scope.get("headers", []))
+        auth = headers.get(b"authorization", b"").decode()
+        token = auth[7:] if auth.startswith("Bearer ") else ""
+
+        if not token:
+            return await self._send_deny(send, {"decision": "deny", "reason": "payment_required", "message": "Missing Bearer token"})
+
+        try:
+            request_id = headers.get(b"x-request-id", b"").decode() or str(uuid.uuid4())
+            method = scope.get("method", "GET")
+
+            decision = authorize(
+                api_key=self.api_key,
+                token=token,
+                method=method,
+                path=path,
+                request_id=request_id,
+                base_url=self.base_url,
+            )
+
+            if decision.get("decision") == "allow":
+                # Attach decision to scope for downstream access
+                scope["payfence"] = decision
+                return await self.app(scope, receive, send)
+
+            # Deny
+            if self.on_deny:
+                return await self.on_deny(scope, receive, send, decision)
+            return await self._send_deny(send, decision)
+
+        except Exception as e:
+            # Fail open
+            logger.warning(f"PayFence authorize failed, failing open: {e}")
+            return await self.app(scope, receive, send)
+
+    async def _send_deny(self, send, decision):
+        body = json.dumps(decision).encode()
+        await send({
+            "type": "http.response.start",
+            "status": 402,
+            "headers": [[b"content-type", b"application/json"]],
+        })
+        await send({
+            "type": "http.response.body",
+            "body": body,
+        })

payfence-1.0.0/payfence.egg-info/PKG-INFO

@@ -0,0 +1,9 @@
+Metadata-Version: 2.4
+Name: payfence
+Version: 1.0.0
+Summary: PayFence SDK for Python — API monetization middleware
+License: MIT
+Project-URL: Homepage, https://payfence.io
+Project-URL: Documentation, https://docs.payfence.io
+Keywords: payfence,api,monetization,middleware
+Requires-Python: >=3.8

payfence-1.0.0/payfence.egg-info/SOURCES.txt

@@ -0,0 +1,10 @@
+README.md
+pyproject.toml
+payfence/__init__.py
+payfence/client.py
+payfence/hmac_verify.py
+payfence/middleware.py
+payfence.egg-info/PKG-INFO
+payfence.egg-info/SOURCES.txt
+payfence.egg-info/dependency_links.txt
+payfence.egg-info/top_level.txt

payfence-1.0.0/payfence.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

payfence-1.0.0/payfence.egg-info/top_level.txt

@@ -0,0 +1 @@
+payfence

payfence-1.0.0/pyproject.toml

@@ -0,0 +1,15 @@
+[build-system]
+requires = ["setuptools>=68.0"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "payfence"
+version = "1.0.0"
+description = "PayFence SDK for Python — API monetization middleware"
+license = {text = "MIT"}
+requires-python = ">=3.8"
+keywords = ["payfence", "api", "monetization", "middleware"]
+
+[project.urls]
+Homepage = "https://payfence.io"
+Documentation = "https://docs.payfence.io"

payfence-1.0.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+