stuff changed:

- ui has been made 'kinda better' (after making it worse for a while lol)
- ESP rfid readers are now supported [i'll upload the code for them in another repo later]
- admin system has been secured a bit better and seems to be working well
2026-05-08 20:46:58 +01:00
parent 1a0b4dc25d
commit d024bf7fa3
32 changed files with 7480 additions and 2740 deletions
+26 -2
@@ -1,10 +1,14 @@
import hashlib
import hmac
from datetime import datetime, timedelta
from typing import Optional, Union, Any
from jose import JWTError, jwt
from passlib.context import CryptContext
from .config import settings
from .datetime import utc_now
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
MACHINE_TOKEN_PREFIX = "sha256$"
def create_access_token(
@@ -12,9 +16,9 @@ def create_access_token(
) -> str:
"""Create JWT access token"""
if expires_delta:
expire = datetime.utcnow() + expires_delta
expire = utc_now() + expires_delta
else:
expire = datetime.utcnow() + timedelta(
expire = utc_now() + timedelta(
minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES
)
@@ -33,6 +37,26 @@ def get_password_hash(password: str) -> str:
return pwd_context.hash(password)
def get_machine_token_hash(token: str) -> str:
"""Hash a machine token for fast constant-time verification."""
digest = hashlib.sha256(token.encode("utf-8")).hexdigest()
return f"{MACHINE_TOKEN_PREFIX}{digest}"
def verify_machine_token(token: str, stored_hash: str) -> bool:
"""Verify a machine token, supporting legacy bcrypt hashes during migration."""
if not stored_hash:
return False
if stored_hash.startswith(MACHINE_TOKEN_PREFIX):
expected_hash = get_machine_token_hash(token)
return hmac.compare_digest(expected_hash, stored_hash)
return verify_password(token, stored_hash)
def is_machine_token_hash(stored_hash: str | None) -> bool:
return bool(stored_hash and stored_hash.startswith(MACHINE_TOKEN_PREFIX))
def decode_token(token: str) -> Optional[str]:
"""Decode JWT token and return subject"""
try:
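Review bot: `get_machine_token_hash` stores a single unsalted SHA-256 of the token, which is only sound when machine tokens are long random values; where the tokens are generated is not visible in this section, so the docstring should state the requirement, e.g. `"""Hash a machine token with SHA-256; tokens must be high-entropy random values (e.g. from secrets.token_urlsafe), never human-chosen secrets."""`. In `verify_machine_token`, `hmac.compare_digest` receives two `str` values and raises `TypeError` if `stored_hash` contains non-ASCII characters, so comparing bytes is more robust: `return hmac.compare_digest(expected_hash.encode("utf-8"), stored_hash.encode("utf-8"))`. The legacy branch hands any value without the `sha256$` prefix to `verify_password`, whose body is outside this section; passlib raises on a hash it cannot identify, so it is worth confirming that this path returns False instead of propagating the exception. `is_machine_token_hash` has no docstring and is annotated `str | None` while the rest of the file uses `Optional[...]`.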