from rest_framework.authentication import BaseAuthentication
from rest_framework.exceptions import AuthenticationFailed
from django.contrib.auth.models import User
import hmac
 
class HMACAuthentication(BaseAuthentication):
    def authenticate(self, request):
        signature = request.META.get('HTTP_X_SIGNATURE')
        timestamp = request.META.get('HTTP_X_TIMESTAMP')
        
        if not signature or not timestamp:
            return None
        
        if not self.is_valid_timestamp(timestamp):
            raise AuthenticationFailed('Request expired')
        
        secret = self.get_user_secret(request)
        expected = hmac.new(
            secret.encode(),
            timestamp.encode(),
            hashlib.sha256
        ).hexdigest()
        
        if not hmac.compare_digest(signature, expected):
            raise AuthenticationFailed('Invalid signature')
        
        user = self.get_user_from_request(request)
        return (user, None)
 
    def is_valid_timestamp(self, timestamp):
        import time
        return abs(time.time() - float(timestamp)) < 300
 
    def get_user_secret(self, request):
        api_key = request.META.get('HTTP_X_API_KEY', '')
        return f'secret_{api_key}'
 
    def get_user_from_request(self, request):
        return User.objects.get(username='api_user')