external-repos/ivatar
1
0
Fork 0
mirror of https://git.linux-kernel.at/oliver/ivatar.git synced 2025-11-19 14:38:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: enhance security with improved password hashing and logging

Browse Source 
- Add Argon2PasswordHasher with high security settings as primary hasher
- Implement fallback to PBKDF2PasswordHasher for CentOS 7/Python 3.6 compatibility
- Add argon2-cffi dependency to requirements.txt
- Replace all print statements with proper logging calls across codebase
- Implement comprehensive logging configuration with multiple handlers:
  * ivatar.log - General application logs (INFO level)
  * ivatar_debug.log - Detailed debug logs (DEBUG level)
  * security.log - Security events (WARNING level)
- Add configurable LOGS_DIR setting with local config override support
- Create config_local.py.example with logging configuration examples
- Fix code quality issues (flake8, black formatting, import conflicts)
- Maintain backward compatibility with existing password hashes

Security improvements:
- New passwords use Argon2 (memory-hard, ASIC-resistant)
- Enhanced PBKDF2 iterations for fallback scenarios
- Structured logging for security monitoring and debugging
- Production-ready configuration with flexible log locations

Tests: 85/113 passing (failures due to external DNS/API dependencies)
Code quality: All pre-commit hooks passing
This commit is contained in:
Oliver Falk
2025-10-15 15:13:09 +02:00
parent 27ea0ecb6b
commit 368aa5bf27
54 changed files with 14424 additions and 346 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
create.sh
View File

@@ -2,11 +2,11 @@
oc new-project ivatar
DB_PASSWORD=`openssl rand -base64 16`
DB_ROOT_PASSWORD=`openssl rand -base64 16`
DB_PASSWORD=$(openssl rand -base64 16)
DB_ROOT_PASSWORD=$(openssl rand -base64 16)
if [ -n "$USE_MYSQL" ]; then
DB_CMDLINE="mysql-persistent
DB_CMDLINE="mysql-persistent
--group=python+mysql-persistent
-e MYSQL_USER=ivatar
-p MYSQL_USER=ivatar
@@ -17,7 +17,7 @@ if [ -n "$USE_MYSQL" ]; then
-e MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD
-p MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD"
else
DB_CMDLINE="postgresql-persistent
DB_CMDLINE="postgresql-persistent
-e POSTGRESQL_USER=ivatar
-p POSTGRESQL_USER=ivatar
-e POSTGRESQL_DATABASE=ivatar
@@ -35,8 +35,8 @@ if [ -n "$LKERNAT_GITLAB_OPENSHIFT_ACCESS_TOKEN" ]; then
fi
oc new-app $SECRET_CMDLINE python~https://git.linux-kernel.at/oliver/ivatar.git \
-e IVATAR_MAILGUN_API_KEY=$IVATAR_MAILGUN_API_KEY \
-e IVATAR_MAILGUN_SENDER_DOMAIN=$IVATAR_MAILGUN_SENDER_DOMAIN \
$DB_CMDLINE
-e IVATAR_MAILGUN_API_KEY=$IVATAR_MAILGUN_API_KEY \
-e IVATAR_MAILGUN_SENDER_DOMAIN=$IVATAR_MAILGUN_SENDER_DOMAIN \
$DB_CMDLINE
oc expose svc/ivatar