feat: Implement external generation import API secured by HMAC-SHA256 signature verification.

tests/test_external_import.py

@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+"""
+Test script for external generation import API.
+This script demonstrates how to call the import endpoint with proper HMAC signature.
+"""
+
+import hmac
+import hashlib
+import json
+import requests
+import base64
+import os
+from dotenv import load_dotenv
+
+load_dotenv()
+
+# Configuration
+API_URL = "http://localhost:8090/api/generations/import"
+SECRET = os.getenv("EXTERNAL_API_SECRET", "your_super_secret_key_change_this_in_production")
+
+# Sample generation data
+generation_data = {
+    "prompt": "A beautiful sunset over mountains",
+    "tech_prompt": "High quality landscape photography",
+    "image_url": "https://picsum.photos/512/512",  # Sample image URL
+    # OR use base64:
+    # "image_data": "base64_encoded_image_string_here",
+    "aspect_ratio": "9:16",
+    "quality": "1k",
+    "created_by": "external_user_123",
+    "execution_time_seconds": 5.2,
+    "token_usage": 1000,
+    "input_token_usage": 200,
+    "output_token_usage": 800
+}
+
+# Convert to JSON
+body = json.dumps(generation_data).encode('utf-8')
+
+# Compute HMAC signature
+signature = hmac.new(
+    SECRET.encode('utf-8'),
+    body,
+    hashlib.sha256
+).hexdigest()
+
+# Make request
+headers = {
+    "Content-Type": "application/json",
+    "X-Signature": signature
+}
+
+print(f"Sending request to {API_URL}")
+print(f"Signature: {signature}")
+
+try:
+    response = requests.post(API_URL, data=body, headers=headers)
+    print(f"\nStatus Code: {response.status_code}")
+    print(f"Response: {json.dumps(response.json(), indent=2)}")
+except Exception as e:
+    print(f"Error: {e}")
+    if hasattr(e, 'response'):
+        print(f"Response text: {e.response.text}")