I am looking for some advice on the recommended way of achieving the following.
I need to sign Amazon Simple Database (SDB) queries with our Amazon Web Services credentials before forwarding them to upstream Amazon's SDB servers.
The proxying behaviour will be taken care of by the proxy module but I'm not sure how to implement the actual signing.
On first glance, it sounds similar to the module that performs this for Amazon S3 requests. Unfortunately this doesn't work for SDB requests as the parameters in an SDB request are encoded in the arguments of the URI (...site.com/?SDBArg1=val1&SDBArg2=val2) whereas S3 parameters are passed as separate HTTP headers.
I have looked at the rewrite module but the URI can only be manipulated using regular expressions and the processing I need to do is more complex than what the rewrite module can achieve ie.
1 Parse and decode the URI args to an SDB args list
2 Add several args to the SDB args list
3 Sort SDB args list
4 Generate a SHA message digest of the SDB args list using a user supplied variable as a key - the Base64 encoding of this is the signature.
5 Append the signature to the SDB args list
6 Regenerate the URI args
7 Forward it to the upstream
I believe I might be able to do using imbedded Python and writing the logic as script and integrating it via the rewrite module - but I don't know Python (I'm a C/C++ dev) and I'm also not in a position to know whether this solution would scale satisfactorily - so this is not my preferred option.
What I need to know is what approach I should take to solving this with minimal effort ie. is there a way of creating a filter that layers before or after the proxy module which does this work.