Improvements for 0.5.0

Author: benmod

README.md

@@ -244,6 +244,8 @@ It provides the following methods:
 - `is_auth_valid()`: Returns `true` if the authentication provided is valid or `false` if not. Note that it checks both that the signature is valid and that the `request_count` or `timestamp` are more recent than the one provided in the device parameters. 
 - `get_simple_metrics()`: Returns the metrics provided in the simple expanded format. It will also convert relative timestamps into explicit timestamps for easier processing. 
 - `get_data_timestamp()`: Returns the timestamp of the data, either the `data_collection_timestamp` if available or the timestamp `timestamp` or the time of the request as fallback. 
+- `get_request_timestamp()`: This is the `timestamp` that was explicitely set in the request and was signed, used to avoid replay attacks. It might be different from the data timestamp. 
+- `get_request_count()`: This is the `request_count` set in the request and was signed, used to avoid replay attacks. 
 - `get_token_count()`: Returns the token count provided in the request (if any). 
 - `expects_token_answer()`: Return `true` if the payload requested tokens in the answer. You can set the tokens to be returned by calling `add_tokens_to_answer(token_list)` with `token_list` being a list of token strings. 
 - `expects_time_answer()`: Return `true` if the payload requested either relative time or absolute time in the answer. You can set the time to be returned by calling `add_time_to_answer(target_datetime)` with `target_datetime` being a datetime object. The function will automatically provide it in the correct format based on the request.  
@@ -298,13 +300,22 @@ def device_data():
     metrics.add_time_to_answer(device.expiration_datetime)
   # We can add extra data
   metrics.add_settings_to_answer({'language': 'fr-FR'})
+  # We update the request timestamp or the count if provided to be able to reject duplicate or replay requests
+  if metrics.get_request_count(): 
+    device.last_request_count = metrics.get_request_count()
+  if metrics.get_request_timestamp(): 
+    device.last_request_timestamp = metrics.get_request_timestamp()
   # The handler handles the signature, etc.
   return metrics.get_answer_payload(), 200
 ```
 
 
 ## Changelog
 
+### 2023-10-12 - v0.5.0
+- Added convenience functions for accessing the current request count and request timestamp
+- Improved documentation on how to avoid replay attacks
+
 ### 2023-10-12 - v0.4.0
 - Added convenience functions for accessing token count and data timestamp
 - Added automatic verification of last request count or timestamp during auth

openpaygo/metrics_response.py

@@ -11,6 +11,7 @@ def __init__(self, received_metrics, data_format=None, secret_key=None, last_req
         # We convert the base variable names to simple
         self.request_dict = OpenPAYGOMetricsShared.convert_dict_keys_to_simple(self.request_dict)
         # We add the reception timestamp if not timestamp was provided
+        self.request_timestamp = self.request_dict.get('timestamp')
         if not self.request_dict.get('timestamp'):
             self.timestamp = int(datetime.now().timestamp())
         else:
@@ -73,7 +74,13 @@ def get_simple_metrics(self):
         return simple_dict
 
     def get_data_timestamp(self):
-        return self.request_dict.get('data_collection_timestamp', self.request_dict.get('timestamp'))
+        return self.request_dict.get('data_collection_timestamp', self.timestamp)
+    
+    def get_request_timestmap(self):
+        return self.request_timestamp
+    
+    def get_request_count(self):
+        return self.request_dict.get('request_count')
 
     def get_token_count(self):
         data = self._get_simple_data()

setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 name = openpaygo
-version = 0.4.0
+version = 0.5.0
 url = https://github.com/EnAccess/OpenPAYGO-python/
 description-file=README.md
 license_files=LICENSE

setup.py

@@ -4,7 +4,7 @@
 setup(
     name="openpaygo", 
     packages=find_packages(),
-    version='0.4.0',
+    version='0.5.0',
     license='MIT',
     author="Solaris Offgrid",
     url='https://github.com/EnAccess/OpenPAYGO-python/',