import hmac
import hashlib
import base64
import time
import json
import requests

SECRET = 'NovalonManageSystemSecretKey2026'

def generate_signature(method, path, query='', body='', timestamp=None, nonce=None):
    if timestamp is None:
        timestamp = int(time.time() * 1000)
    if nonce is None:
        nonce = f"{int(timestamp)}-{hash(time.time())}"
    
    string_to_sign = f"{method}\n{path}\n{query}\n{body}\n{timestamp}\n{nonce}"
    
    signature = hmac.new(
        SECRET.encode('utf-8'),
        string_to_sign.encode('utf-8'),
        hashlib.sha256
    ).digest()
    
    signature_base64 = base64.b64encode(signature).decode('utf-8')
    
    return signature_base64, timestamp, nonce

method = 'POST'
path = '/api/auth/login'
body = ''

signature, timestamp, nonce = generate_signature(method, path, body=body)

print(f"X-Signature: {signature}")
print(f"X-Timestamp: {timestamp}")
print(f"X-Nonce: {nonce}")

headers = {
    'Content-Type': 'application/json',
    'X-Signature': signature,
    'X-Timestamp': str(timestamp),
    'X-Nonce': nonce
}

response = requests.post('http://localhost:8080/api/auth/login', 
                        headers=headers, 
                        data='{"username":"admin","password":"admin123"}',
                        verify=False)

print(f"\nResponse Status: {response.status_code}")
print(f"Response Body: {response.text}")