Claude Code - Backend Implementation Specialist Claude Sonnet 4.5 commited on
Commit ·
19d86c5
1
Parent(s): 1941764
Update dependencies and improve password hashing security
Browse files- Pin all package versions in requirements.txt for reproducibility
- Switch from bcrypt to argon2 for more secure password hashing
- Argon2 is more resistant to GPU-based attacks and has better security properties
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- requirements.txt +10 -13
- src/services/auth.py +4 -4
requirements.txt
CHANGED
|
@@ -1,13 +1,10 @@
|
|
| 1 |
-
fastapi
|
| 2 |
-
sqlmodel
|
| 3 |
-
python-jose
|
| 4 |
-
passlib
|
| 5 |
-
|
| 6 |
-
|
| 7 |
-
|
| 8 |
-
|
| 9 |
-
|
| 10 |
-
|
| 11 |
-
python-dotenv
|
| 12 |
-
mangum
|
| 13 |
-
email-validator
|
|
|
|
| 1 |
+
fastapi==0.109.0
|
| 2 |
+
sqlmodel==0.0.14
|
| 3 |
+
python-jose[cryptography]==3.3.0
|
| 4 |
+
passlib[argon2]==1.7.4
|
| 5 |
+
python-multipart==0.0.6
|
| 6 |
+
uvicorn[standard]==0.27.0
|
| 7 |
+
pydantic>=2.6.0
|
| 8 |
+
pydantic-settings>=2.2.0
|
| 9 |
+
python-dotenv==1.0.0
|
| 10 |
+
email-validator==2.1.0
|
|
|
|
|
|
|
|
|
src/services/auth.py
CHANGED
|
@@ -14,8 +14,8 @@ from typing import Optional, Dict, Any
|
|
| 14 |
from passlib.context import CryptContext
|
| 15 |
from jose import JWTError, jwt
|
| 16 |
|
| 17 |
-
# Password hashing configuration
|
| 18 |
-
pwd_context = CryptContext(schemes=["
|
| 19 |
|
| 20 |
# JWT configuration from environment variables
|
| 21 |
JWT_SECRET_KEY = os.getenv("JWT_SECRET_KEY", "your-secret-key-change-in-production")
|
|
@@ -25,7 +25,7 @@ JWT_EXPIRATION_MINUTES = int(os.getenv("JWT_EXPIRATION_MINUTES", "10080")) # De
|
|
| 25 |
|
| 26 |
def hash_password(password: str) -> str:
|
| 27 |
"""
|
| 28 |
-
Hash a plain text password using
|
| 29 |
|
| 30 |
Args:
|
| 31 |
password: Plain text password to hash
|
|
@@ -36,7 +36,7 @@ def hash_password(password: str) -> str:
|
|
| 36 |
Example:
|
| 37 |
>>> hashed = hash_password("mypassword123")
|
| 38 |
>>> print(hashed)
|
| 39 |
-
$
|
| 40 |
"""
|
| 41 |
return pwd_context.hash(password)
|
| 42 |
|
|
|
|
| 14 |
from passlib.context import CryptContext
|
| 15 |
from jose import JWTError, jwt
|
| 16 |
|
| 17 |
+
# Password hashing configuration using Argon2 (more secure and no compatibility issues)
|
| 18 |
+
pwd_context = CryptContext(schemes=["argon2"], deprecated="auto")
|
| 19 |
|
| 20 |
# JWT configuration from environment variables
|
| 21 |
JWT_SECRET_KEY = os.getenv("JWT_SECRET_KEY", "your-secret-key-change-in-production")
|
|
|
|
| 25 |
|
| 26 |
def hash_password(password: str) -> str:
|
| 27 |
"""
|
| 28 |
+
Hash a plain text password using Argon2.
|
| 29 |
|
| 30 |
Args:
|
| 31 |
password: Plain text password to hash
|
|
|
|
| 36 |
Example:
|
| 37 |
>>> hashed = hash_password("mypassword123")
|
| 38 |
>>> print(hashed)
|
| 39 |
+
$argon2id$...
|
| 40 |
"""
|
| 41 |
return pwd_context.hash(password)
|
| 42 |
|