Done setup template
This commit is contained in:
1
backend/core/security/__init__.py
Normal file
1
backend/core/security/__init__.py
Normal file
@ -0,0 +1 @@
|
||||
from .security import *
|
||||
34
backend/core/security/hasher.py
Normal file
34
backend/core/security/hasher.py
Normal file
@ -0,0 +1,34 @@
|
||||
from functools import lru_cache
|
||||
from typing import Protocol
|
||||
import bcrypt
|
||||
|
||||
from backend.core.config import get_app_settings
|
||||
|
||||
|
||||
class Hasher(Protocol):
|
||||
def hash(self, password: str) -> str: ...
|
||||
|
||||
def verify(self, password: str, hashed: str) -> bool: ...
|
||||
|
||||
class FakeHasher:
|
||||
def hash(self, password: str) -> str:
|
||||
return password
|
||||
|
||||
def verify(self, password: str, hashed: str) -> bool:
|
||||
return password == hashed
|
||||
|
||||
class BcryptHasher:
|
||||
def hash(self, password: str) -> str:
|
||||
return bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
|
||||
|
||||
def verify(self, password: str, hashed: str) -> bool:
|
||||
return bcrypt.checkpw(password.encode('utf-8'), hashed.encode('utf-8'))
|
||||
|
||||
@lru_cache(maxsize=1)
|
||||
def get_hasher() -> Hasher:
|
||||
settings = get_app_settings()
|
||||
|
||||
if settings.TESTING:
|
||||
return FakeHasher()
|
||||
|
||||
return BcryptHasher()
|
||||
46
backend/core/security/security.py
Normal file
46
backend/core/security/security.py
Normal file
@ -0,0 +1,46 @@
|
||||
import secrets
|
||||
from datetime import datetime, timedelta, timezone
|
||||
from pathlib import Path
|
||||
|
||||
import jwt
|
||||
|
||||
from backend.core.config import get_app_settings
|
||||
from backend.core import root_logger
|
||||
from backend.core.security.hasher import get_hasher
|
||||
|
||||
ALGORITHM = "HS256"
|
||||
|
||||
logger = root_logger.get_logger("security")
|
||||
settings = get_app_settings()
|
||||
|
||||
def create_access_token(data: dict, expires_delta: timedelta | None = None) -> str:
|
||||
settings = get_app_settings()
|
||||
|
||||
to_encode = data.copy()
|
||||
expires_delta = expires_delta or timedelta(minutes=settings.EXP_TOKEN)
|
||||
|
||||
expire = datetime.now(timezone.utc) + expires_delta
|
||||
|
||||
to_encode["exp"] = expire
|
||||
return jwt.encode(to_encode, settings.SECRET, algorithm=ALGORITHM)
|
||||
|
||||
def create_refresh_token(data: dict) -> str:
|
||||
return create_access_token(data, expires_delta=timedelta(days=settings.EXP_REFRESH))
|
||||
|
||||
def create_file_token(file_path: Path) -> str:
|
||||
token_data = {"file": str(file_path)}
|
||||
return create_access_token(token_data, expires_delta=timedelta(minutes=30))
|
||||
|
||||
|
||||
def hash_password(password: str) -> str:
|
||||
"""Takes in a raw password and hashes it. Used prior to saving a new password to the database."""
|
||||
return get_hasher().hash(password)
|
||||
|
||||
|
||||
def url_safe_token() -> str:
|
||||
"""Generates a cryptographic token without embedded data. Used for password reset tokens and invitation tokens"""
|
||||
return secrets.token_urlsafe(24)
|
||||
|
||||
def verify_token(exp: int):
|
||||
expried = datetime.fromtimestamp(exp / 1e3)
|
||||
return expried < datetime.now(timezone.utc)
|
||||
Reference in New Issue
Block a user