chore: sync code and project files

2026-01-09 14:09:16 +08:00
parent 3d1fb37769
commit 30d7eb4b35
94 changed files with 12706 additions and 255 deletions
--- a/modules/auth.py
+++ b/modules/auth.py
@@ -0,0 +1,48 @@
+"""
+Auth helpers: password hashing + cookie token hashing.
+
+We intentionally avoid heavy dependencies. Password hashing uses PBKDF2-HMAC-SHA256.
+Session tokens are random and stored server-side as SHA256(token) hashes.
+"""
+
+from __future__ import annotations
+
+import hashlib
+import secrets
+from typing import Optional, Tuple
+
+
+PBKDF2_ITERS = 200_000
+
+
+def hash_password(password: str, salt_hex: Optional[str] = None) -> Tuple[str, str]:
+    salt = bytes.fromhex(salt_hex) if salt_hex else secrets.token_bytes(16)
+    dk = hashlib.pbkdf2_hmac("sha256", (password or "").encode("utf-8"), salt, PBKDF2_ITERS)
+    return dk.hex(), salt.hex()
+
+
+def verify_password(password: str, password_hash: str, salt_hex: str) -> bool:
+    cand, _ = hash_password(password, salt_hex=salt_hex)
+    return cand == (password_hash or "")
+
+
+def new_session_token() -> str:
+    return secrets.token_urlsafe(32)
+
+
+def hash_token(token: str) -> str:
+    return hashlib.sha256((token or "").encode("utf-8")).hexdigest()
+
+
+
+
+
+
+
+
+
+
+
+
+
+