o £ý¸iÞã@s6dZddlmZddlZddlmZGdd„dƒZdS)zÜRequest signature validation helpers. The implementation is intentionally light. It provides a stable interface for future HMAC or signed webhook validation without imposing a specific auth scheme on the existing apps. é)Ú annotationsN)Úsha256c@seZdZdZd d d „Zd S) ÚSignatureValidatorz=Validate signed requests using a shared-secret HMAC contract.ÚpayloadÚbytesÚprovided_signatureú str | NoneÚsecretÚreturnÚboolcCs8|r|r|sdSt | d¡|t¡ ¡}t || ¡¡S)zàReturn ``True`` when the provided signature matches the payload. Empty signatures are treated as invalid so callers can decide whether the endpoint requires signatures or supports anonymous traffic. Fzutf-8)ÚhmacÚnewÚencoderÚ hexdigestÚcompare_digestÚstrip)Úselfrrr Úexpected©rú'platform/gateway/signature_validator.pyÚvalidates zSignatureValidator.validateN)rrrrr rr r )Ú__name__Ú __module__Ú __qualname__Ú__doc__rrrrrrsr)rÚ __future__rr ÚhashlibrrrrrrÚs