| 107 | |
| 108 | @staticmethod |
| 109 | def _get_unverified_token_data(token: bytes | str) -> tuple[int, bytes]: |
| 110 | if not isinstance(token, (str, bytes)): |
| 111 | raise TypeError("token must be bytes or str") |
| 112 | |
| 113 | try: |
| 114 | data = base64.urlsafe_b64decode(token) |
| 115 | except (TypeError, binascii.Error): |
| 116 | raise InvalidToken |
| 117 | |
| 118 | if not data or data[0] != 0x80: |
| 119 | raise InvalidToken |
| 120 | |
| 121 | if len(data) < 9: |
| 122 | raise InvalidToken |
| 123 | |
| 124 | timestamp = int.from_bytes(data[1:9], byteorder="big") |
| 125 | return timestamp, data |
| 126 | |
| 127 | def _verify_signature(self, data: bytes) -> None: |
| 128 | h = HMAC(self._signing_key, hashes.SHA256()) |