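import http.server
import json

from ecdsa import BadSignatureError, NIST384p, VerifyingKey

# Upper bound on the request body. Content-Length is client-controlled, so
# reading it unchecked lets one request pin arbitrary memory.
MAX_BODY_BYTES = 8192

# Known users mapped to their raw public-key bytes.
# NOTE(review): ecdsa_public_key_from_user1 is a placeholder carried over from
# the original snippet; it must be defined or loaded before this module runs.
user_and_tokens = {
    "user1": ecdsa_public_key_from_user1
}


class RequestHandler(http.server.BaseHTTPRequestHandler):
    """Handle ``POST /auth``: verify an ECDSA signature over ``user + token``.

    Expected JSON body::

        {"person": {"user": ..., "token": ...},
         "signature": {"signature": ..., "curve": ...}}

    Responses: 200 when the signature verifies, 400 for a malformed request,
    403 for an unknown user or a bad signature, 404 for any other path.
    """

    def _reply(self, status):
        """Send a header-only response with the given status code."""
        self.send_response(status)
        self.end_headers()

    def _read_json_object(self):
        """Return the request body parsed as a JSON object, or None if invalid."""
        try:
            length = int(self.headers.get('Content-Length', ''))
        except ValueError:
            return None
        # A negative length would make rfile.read() block until EOF.
        if not 0 < length <= MAX_BODY_BYTES:
            return None
        try:
            parsed = json.loads(self.rfile.read(length))
        except (ValueError, RecursionError):
            return None
        return parsed if isinstance(parsed, dict) else None

    def do_POST(self):
        """Authenticate the caller; every failure path is answered and denied."""
        if self.path != '/auth':
            self._reply(404)
            return

        request_data = self._read_json_object()
        if request_data is None:
            self._reply(400)
            return

        person = request_data.get('person')
        signature = request_data.get('signature')
        if not isinstance(person, dict) or not isinstance(signature, dict):
            self._reply(400)
            return

        user = person.get('user')
        token = person.get('token')
        sig = signature.get('signature')
        curve = signature.get('curve')
        if not all(isinstance(v, str) for v in (user, token, sig, curve)):
            self._reply(400)
            return

        # The curve is fixed by the server-side key, never chosen by the
        # request. The original passed the client's string to
        # getattr(NIST384p, curve), which returns an arbitrary attribute of
        # the curve object rather than a curve.
        if curve != NIST384p.name:
            self._reply(400)
            return

        # Verify against the key registered for the claimed user. The original
        # referenced an undefined pre_delivered_public_key instead.
        public_key = user_and_tokens.get(user)
        if public_key is None:
            # Same status as a bad signature, so valid user names are not
            # distinguishable from invalid ones.
            self._reply(403)
            return

        # NOTE(review): JSON cannot carry raw bytes; hex is assumed here.
        # Confirm the wire encoding against the client.
        try:
            sig_bytes = bytes.fromhex(sig)
        except ValueError:
            self._reply(400)
            return

        # NOTE(review): plain concatenation is ambiguous ("ab" + "c" equals
        # "a" + "bc"). A length-prefixed or delimited encoding would bind the
        # signature to one (user, token) pair. Nothing here makes a signed
        # token single-use, so replay protection must live elsewhere.
        message = (user + token).encode('utf-8')

        # NOTE(review): python-ecdsa hashes with SHA-1 unless hashfunc= is
        # given. Signer and verifier must agree; prefer SHA-384 with P-384
        # once clients can be updated.
        vk = VerifyingKey.from_string(public_key, curve=NIST384p)
        try:
            # verify() raises on mismatch; it does not return False.
            vk.verify(sig_bytes, message)
        except BadSignatureError:
            self._reply(403)
            return

        print("allow")
        self._reply(200)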