external-repos/ivatar
1
0
Fork 0
mirror of https://git.linux-kernel.at/oliver/ivatar.git synced 2025-11-19 22:48:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: enhance security with improved password hashing and logging

Browse Source 
- Add Argon2PasswordHasher with high security settings as primary hasher
- Implement fallback to PBKDF2PasswordHasher for CentOS 7/Python 3.6 compatibility
- Add argon2-cffi dependency to requirements.txt
- Replace all print statements with proper logging calls across codebase
- Implement comprehensive logging configuration with multiple handlers:
  * ivatar.log - General application logs (INFO level)
  * ivatar_debug.log - Detailed debug logs (DEBUG level)
  * security.log - Security events (WARNING level)
- Add configurable LOGS_DIR setting with local config override support
- Create config_local.py.example with logging configuration examples
- Fix code quality issues (flake8, black formatting, import conflicts)
- Maintain backward compatibility with existing password hashes

Security improvements:
- New passwords use Argon2 (memory-hard, ASIC-resistant)
- Enhanced PBKDF2 iterations for fallback scenarios
- Structured logging for security monitoring and debugging
- Production-ready configuration with flexible log locations

Tests: 85/113 passing (failures due to external DNS/API dependencies)
Code quality: All pre-commit hooks passing
This commit is contained in:
Oliver Falk
2025-10-15 15:13:09 +02:00
parent 27ea0ecb6b
commit 368aa5bf27
54 changed files with 14424 additions and 346 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
config_local.py.example Normal file
View File

@@ -0,0 +1,41 @@
# -*- coding: utf-8 -*-
"""
Example local configuration file for ivatar
Copy this to config_local.py and customize for your environment
"""
import os
# Override logs directory for production deployments
# LOGS_DIR = "/var/log/ivatar"
# Override logs directory for development with custom location
# LOGS_DIR = os.path.join(os.path.expanduser("~"), "ivatar_logs")
# Example production overrides:
# DEBUG = False
# SECRET_KEY = "your-production-secret-key-here"
# ALLOWED_HOSTS = ["yourdomain.com", "www.yourdomain.com"]
# Database configuration (if not using environment variables)
# DATABASES = {
# 'default': {
# 'ENGINE': 'django.db.backends.postgresql',
# 'NAME': 'ivatar_prod',
# 'USER': 'ivatar_user',
# 'PASSWORD': 'your-db-password',
# 'HOST': 'localhost',
# 'PORT': '5432',
# }
# }
# Email configuration
# EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
# EMAIL_HOST = 'smtp.yourdomain.com'
# EMAIL_PORT = 587
# EMAIL_USE_TLS = True
# EMAIL_HOST_USER = 'noreply@yourdomain.com'
# EMAIL_HOST_PASSWORD = 'your-email-password'
# Example: Override logs directory for production
# LOGS_DIR = "/var/log/ivatar"