import hmac
  import hashlib
  from flask import request, jsonify
  from functools import wraps
  from config import Config
  
  def hmac_validator_required(f):
      """
      HMAC验证装饰器
      验证来自Shoplazza的请求是否有效
      """
      @wraps(f)
      def decorated_function(*args, **kwargs):
          # 获取查询参数
          query_params = request.args.to_dict()
          hmac_param = query_params.pop('hmac', None)
          
          if not hmac_param:
              return jsonify({'error': 'Missing HMAC parameter'}), 400
          
          # 验证shop参数格式
          shop = query_params.get('shop')
          if not shop or not shop.endswith('.myshoplaza.com'):
              return jsonify({'error': 'Invalid shop parameter'}), 400
          
          # 构建验证消息
          sorted_keys = sorted(query_params.keys())
          message = '&'.join([f"{key}={query_params[key]}" for key in sorted_keys])
          
          # 计算HMAC
          calculated_hmac = hmac.new(
              Config.CLIENT_SECRET.encode('utf-8'),
              message.encode('utf-8'),
              hashlib.sha256
          ).hexdigest()
          
          # 安全比较HMAC
          if not hmac.compare_digest(calculated_hmac, hmac_param):
              return jsonify({'error': 'HMAC validation failed'}), 403
          
          return f(*args, **kwargs)
      
      return decorated_function
  
  def verify_webhook_hmac(data, hmac_header):
      """
      验证Webhook的HMAC签名
      """
      import base64
      
      calculated_hmac = base64.b64encode(
          hmac.new(
              Config.CLIENT_SECRET.encode('utf-8'),
              data,
              hashlib.sha256
          ).digest()
      ).decode('utf-8')
      
      return hmac.compare_digest(calculated_hmac, hmac_header)