| from __future__ import annotations | |
| import base64 | |
| import hashlib | |
| from cryptography.fernet import Fernet | |
| from werkzeug.security import check_password_hash, generate_password_hash | |
| class CredentialCipher: | |
| def __init__(self, secret_key: str) -> None: | |
| digest = hashlib.sha256(secret_key.encode("utf-8")).digest() | |
| self._fernet = Fernet(base64.urlsafe_b64encode(digest)) | |
| def encrypt(self, value: str) -> str: | |
| return self._fernet.encrypt(value.encode("utf-8")).decode("utf-8") | |
| def decrypt(self, value: str) -> str: | |
| return self._fernet.decrypt(value.encode("utf-8")).decode("utf-8") | |
| def hash_password(password: str) -> str: | |
| return generate_password_hash(password) | |
| def verify_password(password_hash: str, password: str) -> bool: | |
| return check_password_hash(password_hash, password) | |
| def mask_secret(secret: str) -> str: | |
| if len(secret) <= 4: | |
| return "*" * len(secret) | |
| return f"{secret[:2]}{'*' * (len(secret) - 4)}{secret[-2:]}" | |