add-ideas/multi-seal-mail
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added backends, improved templating, rbac

Browse Source
This commit is contained in:
Albrecht Degering
2026-06-10 14:40:22 +02:00
parent d9ca48addc
commit ce43f2658f
28 changed files with 1183 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
server/app/security/api_keys.py
View File

@@ -4,11 +4,12 @@ import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone
from datetime import datetime
from sqlalchemy.orm import Session
from app.db.models import ApiKey, User
from app.security.time import ensure_aware_utc, utc_now
API_KEY_PREFIX_LENGTH = 12
API_KEY_RANDOM_BYTES = 32
@@ -64,9 +65,10 @@ def create_api_key(
def authenticate_api_key(session: Session, secret: str) -> ApiKey | None:
prefix = api_key_prefix(secret)
candidates = session.query(ApiKey).filter(ApiKey.prefix == prefix, ApiKey.revoked_at.is_(None)).all()
now = datetime.now(timezone.utc)
now = utc_now()
for candidate in candidates:
if candidate.expires_at and candidate.expires_at < now:
expires_at = ensure_aware_utc(candidate.expires_at)
if expires_at and expires_at < now:
continue
if verify_api_key(secret, candidate.key_hash):
candidate.last_used_at = now