inital commit, very early alpha stage

This commit is contained in:
2026-06-30 13:38:24 +02:00
parent f5530ad336
commit 70cf1a84ca
72 changed files with 14074 additions and 2 deletions

View File

@@ -0,0 +1,2 @@
"""Core configuration and security helpers."""

View File

@@ -0,0 +1,36 @@
from functools import lru_cache
from pathlib import Path
from pydantic_settings import BaseSettings, SettingsConfigDict
class Settings(BaseSettings):
model_config = SettingsConfigDict(env_file=".env", env_file_encoding="utf-8", extra="ignore")
app_name: str = "GroupHome"
environment: str = "development"
dev_mode: bool = True
server_name: str = "GroupHome Local"
server_origin: str = "http://localhost:8000"
api_base_url: str = "http://localhost:8000/api"
frontend_origin: str = "http://localhost:5173"
database_url: str = "sqlite:///./grouphome.db"
session_secret: str = "dev-change-me"
session_cookie_name: str = "grouphome_session"
cookie_secure: bool = False
cors_origins: str = "http://localhost:5173,http://127.0.0.1:5173,http://localhost:4173"
upload_dir: Path = Path("./storage/uploads")
max_upload_bytes: int = 10 * 1024 * 1024
remote_request_timeout_seconds: float = 8.0
@property
def allowed_origins(self) -> list[str]:
return [origin.strip() for origin in self.cors_origins.split(",") if origin.strip()]
@lru_cache
def get_settings() -> Settings:
settings = Settings()
settings.upload_dir.mkdir(parents=True, exist_ok=True)
return settings

View File

@@ -0,0 +1,44 @@
from __future__ import annotations
import hashlib
import hmac
import re
import secrets
from datetime import UTC, datetime, timedelta
from pathlib import Path
from app.core.config import get_settings
def utc_now() -> datetime:
return datetime.now(UTC)
def token_urlsafe(length: int = 32) -> str:
return secrets.token_urlsafe(length)
def short_code(length: int = 6) -> str:
alphabet = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ"
return "".join(secrets.choice(alphabet) for _ in range(length))
def hash_token(raw_token: str) -> str:
settings = get_settings()
return hmac.new(settings.session_secret.encode("utf-8"), raw_token.encode("utf-8"), hashlib.sha256).hexdigest()
def constant_time_equal(left: str, right: str) -> bool:
return hmac.compare_digest(left, right)
def session_expiry(days: int = 30) -> datetime:
return utc_now() + timedelta(days=days)
def sanitize_filename(filename: str) -> str:
cleaned = Path(filename).name.strip().replace("\x00", "")
cleaned = re.sub(r"[^A-Za-z0-9._ -]+", "_", cleaned)
cleaned = re.sub(r"\s+", " ", cleaned).strip(" .")
return cleaned[:180] or "upload.bin"