sig_test.py

import base64
import hashlib
import struct
import hmac

# encode
# https://docs.python.org/3/library/struct.html
STRUCT_FORMAT = '!QQQB'
packed = struct.pack(STRUCT_FORMAT, MESSAGE_ID, CHANNEL_ID, AUTHOR_ID, SCOPE)
print(packed)
print(len(packed))
b64_data = base64.b64encode(packed)
print(b64_data)

# sign
# https://docs.python.org/3/library/hmac.html
HASH_ALG = hashlib.sha1  # technically insecure, but if someone is spending CPU power to spoof their rolls, like, ok
signature = hmac.new(SECRET, packed + SECRET, HASH_ALG)
b64_signature = base64.b64encode(signature.digest())
print(signature.hexdigest())
print(b64_signature)

# output
sig = f"{b64_data.decode()}.{b64_signature.decode()}"
print(f"full sig: {sig}")

# decode
encoded_data, encoded_signature = sig.split('.')
decoded = base64.b64decode(encoded_data.encode())
unpacked = struct.unpack(STRUCT_FORMAT, decoded)
print(unpacked)

# verify
verify_signature = hmac.new(SECRET, decoded + SECRET, HASH_ALG)
print(base64.b64encode(verify_signature.digest()))
print(hmac.compare_digest(base64.b64decode(encoded_signature.encode()), verify_signature.digest()))