--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/AuthTokenGenerator.py	Fri Mar 23 16:33:53 2012 +0100
@@ -0,0 +1,84 @@
+from OFS.SimpleItem import SimpleItem
+from Products.PageTemplates.PageTemplateFile import PageTemplateFile
+from OFS.PropertyManager import PropertyManager
+
+import datetime
+import hashlib
+import json
+
+
+ZERO = datetime.timedelta(0)
+class Utc(datetime.tzinfo):
+    def utcoffset(self, dt):
+        return ZERO
+
+    def tzname(self, dt):
+        return "UTC"
+
+    def dst(self, dt):
+        return ZERO
+UTC = Utc()
+
+
+class AuthTokenGenerator(SimpleItem, PropertyManager):
+    """Generator of auth tokens for OKFN Annotator"""
+    
+    meta_type = 'AuthTokenGenerator'
+    _properties=({'id':'consumer_key', 'type': 'string', 'mode': 'w'},
+                 {'id':'consumer_secret', 'type': 'string', 'mode': 'w'},
+                )
+    
+    manage_options = PropertyManager.manage_options + SimpleItem.manage_options
+
+    # Only change this if you're sure you know what you're doing
+    consumerTtl = 86400
+
+    def __init__(self, id, consumerKey=None, consumerSecret=None):
+        """init document viewer"""
+        self.id=id
+        self.consumer_key = consumerKey
+        self.consumer_secret = consumerSecret
+
+    def index_html(self, user='anonymous', password=None):
+        """returns authentication token for user"""
+        if self._token_allowed():
+            token = self._generate_token(user)
+            self.REQUEST.RESPONSE.setHeader("Content-Type", "application/json")
+            origin = self.REQUEST.getHeader("Origin", None)
+            if origin is not None:
+                self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", origin)
+            else:
+                self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*")
+
+            self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true")
+            json.dump(token, self.REQUEST.RESPONSE)
+        else:
+            self.REQUEST.RESPONSE.setStatus('Forbidden')
+            return "SORRY, NOT ALLOWED!" 
+
+    def _token_allowed(self, user=None, password=None):
+        # here we should check the login
+        return True
+
+    def _generate_token(self, user_id):
+        #return JSON-token
+        issue_time = datetime.datetime.now(UTC).isoformat()
+        token = hashlib.sha256(self.consumer_secret + user_id + issue_time).hexdigest()
+    
+        return dict(
+            consumerKey=self.consumer_key,
+            authToken=token,
+            authTokenIssueTime=issue_time,
+            authTokenTTL=self.consumerTtl,
+            userId=user_id
+        )
+
+def manage_addAuthTokenGeneratorForm(self):
+    """form for adding AuthTokenGenerator"""
+    pt = PageTemplateFile("zpt/manage_addAuthTokenGenerator", globals()).__of__(self)
+    return pt()
+
+def manage_addAuthTokenGenerator(context, id, consumerKey=None, consumerSecret=None):
+    """ """
+    context._setObject(id, AuthTokenGenerator(id, consumerKey=consumerKey, consumerSecret=consumerSecret))
+    return "AuthTokenGenerator Installed: %s" % id