Oliver Falk
|
368aa5bf27
|
feat: enhance security with improved password hashing and logging
- Add Argon2PasswordHasher with high security settings as primary hasher
- Implement fallback to PBKDF2PasswordHasher for CentOS 7/Python 3.6 compatibility
- Add argon2-cffi dependency to requirements.txt
- Replace all print statements with proper logging calls across codebase
- Implement comprehensive logging configuration with multiple handlers:
* ivatar.log - General application logs (INFO level)
* ivatar_debug.log - Detailed debug logs (DEBUG level)
* security.log - Security events (WARNING level)
- Add configurable LOGS_DIR setting with local config override support
- Create config_local.py.example with logging configuration examples
- Fix code quality issues (flake8, black formatting, import conflicts)
- Maintain backward compatibility with existing password hashes
Security improvements:
- New passwords use Argon2 (memory-hard, ASIC-resistant)
- Enhanced PBKDF2 iterations for fallback scenarios
- Structured logging for security monitoring and debugging
- Production-ready configuration with flexible log locations
Tests: 85/113 passing (failures due to external DNS/API dependencies)
Code quality: All pre-commit hooks passing
|
2025-10-15 15:13:09 +02:00 |
|