Skip to content
/ secure-link-generator Public

SecureLink is a lightweight and flexible library for generating and verifying expirable signed URLs to control access to protected resources. It supports multiple backends, including Nginx Secure Link, CDNs, and custom web applications.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

muscodev/secure-link-generator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
securelink
securelink
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation

📌 SecureLink

Expirable Signed URL Generator & API

SecureLink is a lightweight and flexible library for generating and verifying expirable signed URLs to control access to protected resources.

  • 📦 Library Mode – Use it as a Python package to generate secure URLs.
  • 🌍 API Mode – Deploy it as a FastAPI service to generate URLs via HTTP requests.

🚀 Features

  • ✅ Expirable Links – Set expiration time for secure access
  • ✅ Signed URLs – MD5
  • ✅ FastAPI API – Built-in API for generating & verifying links
  • ✅ Pluggable Architecture – Extendable for different signing strategies
  • ✅ Works with Any Server – Supports Nginx etc.

📦 Installation

Library Mode:

   pip install securelink

API Mode:

   
   pip install securelink[api]

🔧 Environment Variables

  • SECRET_KEY: Used for signing and validating secure links.

  • API_KEY: Used for API authentication if needed.

📝 Example Scenarios

Library Mode:

import time
import securelink.sign

secure_url = securelink.sign.generate_md5_base64_url(
    "http://127.0.0.1/secure/", "secret", 5, "127.0.0.1"
)

print("✅ Normal success validation:", securelink.sign.validate_md5_base64_url(secure_url, "secret", "127.0.0.1"))
print("❌ Invalid IP validation:", securelink.sign.validate_md5_base64_url(secure_url, "secret", "10.44.0.1"))
print("❌ Invalid secret validation:", securelink.sign.validate_md5_base64_url(secure_url, "wrong secret", "127.0.0.1"))

time.sleep(8)
print("⏳ Delayed validation:", securelink.sign.validate_md5_base64_url(secure_url, "secret", "127.0.0.1"))

🚀 Running as an API:

   uvicorn securelink.api:app
   INFO:     Started server process [2928]
   INFO:     Waiting for application startup.
   INFO:     Application startup complete.
   INFO:     Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)

Once the API is running, you can access the interactive documentation at:

   http://127.0.0.1:8000/docs

📌 Nginx Configuration Example

location ^~ /secure/ {
    secure_link $arg_md5,$arg_expires;
    secure_link_md5 "$secure_link_expires$uri$remote_addr secret";

    if ($secure_link = "") {
        return 403;
    }

    if ($secure_link = "0") {
        return 410;
    }

    return 200;
}

📌 Notes

  • ✅ The signature includes the expiration time, requested resource path, and client IP (if provided).

  • ✅ The validation function ensures the signature is valid and the expiration time has not passed.

  • 🔑 The secret key must be the same for both generation and validation.

  • ⏳ The timestamp of Nginx and the URL signing app should be the same.

  • 🌐 (nginx) The link can be accessed only from the client IP that was used for signing.

  • 🔗 (nginx) Only the specified endpoint can be accessed using a single sign.

📜 License

This project is licensed under the MIT License. See the LICENSE file for details.

About

SecureLink is a lightweight and flexible library for generating and verifying expirable signed URLs to control access to protected resources. It supports multiple backends, including Nginx Secure Link, CDNs, and custom web applications.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages