bot-auth - pypi Package Compare versions

Comparing version 0.2.2 to 0.3.0

PKG-INFO

 Metadata-Version: 2.3
 Name: bot-auth
-Version: 0.2.2
+Version: 0.3.0
 Summary: A library to check for AI Bot Authentication using the latest HTTP header Signature.
@@ -214,3 +214,3 @@ Author: Atish Joottun, Thibault Meunier, Antonin Vlcek
 
-![GitHub License](https://img.shields.io/github/license/cloudflareresearch/web-bot-auth)
+![GitHub License](https://img.shields.io/github/license/cyberstormdotmu/bot-authentication)
 [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
@@ -217,0 +217,0 @@

pyproject.toml

 [project]
 name = "bot-auth"
-version = "0.2.2"
+version = "0.3.0"
 description = "A library to check for AI Bot Authentication using the latest HTTP header Signature."
@@ -5,0 +5,0 @@ readme = "README.md"

README.md

 # Web Bot Auth Python
 
-![GitHub License](https://img.shields.io/github/license/cloudflareresearch/web-bot-auth)
+![GitHub License](https://img.shields.io/github/license/cyberstormdotmu/bot-authentication)
 [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
@@ -5,0 +5,0 @@

src/bot_auth/__init__.py

@@ -7,5 +7,7 @@ """
 
-__version__ = "0.1.0"
+__version__ = "0.3.0"
 
 import base64
+import hashlib
+import json
 import requests
@@ -53,5 +55,2 @@ import time
     - get_header()-> dict[str, str]
-
-    @info:
-    © 2025 Atish Joottun
     """
@@ -62,3 +61,3 @@
         localKeys,
-        signAgent="http-message-signatures-example.research.cloudflare.com",
+        signAgent=None,
     ):
@@ -124,2 +123,20 @@ self.localKeys = localKeys
 
+    def _public_key_to_jwk_thumbprint(self, public_key):
+        """
+        Compute the base64url JWK SHA-256 Thumbprint for an Ed25519 public key.
+        """
+        # JWK Thumbprint according to RFC 7638, base64url with padding and sha256
+
+        jwk_dict = {
+            "crv": "Ed25519",
+            "kty": "OKP",
+            "x": self._base64_encode_bytes(public_key.public_bytes_raw()),
+        }
+
+        jwk_json = json.dumps(jwk_dict, separators=(",", ":"), sort_keys=True)
+        sha256_hash = hashlib.sha256(jwk_json.encode("utf-8")).digest()
+        thumbprint = base64.urlsafe_b64encode(sha256_hash).decode("ascii")
+
+        return thumbprint
+
     # def _jwk_to_public_key_bytes(self, jwk):
@@ -140,3 +157,4 @@ #     private_key = self.jwk_to_private_key(jwk)
 
-        resolver = SingleKeyResolver(self._jwt_to_private_key(selected_key))
+        private_key = self._jwt_to_private_key(selected_key)
+        resolver = SingleKeyResolver(private_key)
         signer = HTTPMessageSigner(
@@ -149,2 +167,3 @@ signature_algorithm=algorithms.ED25519, key_resolver=resolver
 
+        headers = {"Signature-Agent": self.signAgent} if self.signAgent else {}
         request = requests.Request(
@@ -154,18 +173,24 @@ "GET",
             headers={
-                "Signature-Agent": self.signAgent,
+                **headers,
             },
         )
+
+        key_id = self._public_key_to_jwk_thumbprint(private_key.public_key())
+        covered_components = (
+            ("@authority", "signature-agent") if self.signAgent else ["@authority"]
+        )
         signer.sign(
             request,
-            key_id="compute-jwk-thumbprint",
-            covered_component_ids=("@authority", "signature-agent"),
+            key_id=key_id,
+            covered_component_ids=covered_components,
             created=created,
             expires=expires,
             tag="web-bot-auth",
+            label="sig1",
         )
 
         header = {
-            "Signature-Agent": request.headers["Signature-Agent"],
             "Signature-Input": request.headers["Signature-Input"],
             "Signature": request.headers["Signature"],
+            **headers,
         }
@@ -172,0 +197,0 @@

Alert delta unavailable

Currently unable to show alert delta for PyPI packages.

Improved metrics

Total package byte prevSize

35149

2.47%

Lines of code

160

15.11%