Spaces:
Building
Building
Update utils/encryption_utils.py
Browse files- utils/encryption_utils.py +87 -15
utils/encryption_utils.py
CHANGED
@@ -1,22 +1,29 @@
|
|
1 |
"""
|
2 |
Flare – Fernet şifreleme yardımcıları
|
3 |
-
- encrypt():
|
4 |
-
- decrypt():
|
5 |
-
Anahtar: FLARE_TOKEN_KEY
|
|
|
|
|
|
|
|
|
6 |
"""
|
7 |
|
8 |
import os
|
|
|
|
|
9 |
from typing import Optional
|
10 |
from cryptography.fernet import Fernet, InvalidToken
|
11 |
from .logger import log_error, log_warning
|
12 |
|
13 |
_ENV_KEY = "FLARE_TOKEN_KEY"
|
14 |
|
|
|
15 |
def _get_key() -> Fernet:
|
16 |
"""Get encryption key with better error messages"""
|
17 |
# Direkt environment variable kullan
|
18 |
key = os.getenv(_ENV_KEY)
|
19 |
-
|
20 |
# .env dosyasından yüklemeyi dene
|
21 |
if not key:
|
22 |
try:
|
@@ -25,7 +32,7 @@ def _get_key() -> Fernet:
|
|
25 |
key = os.getenv(_ENV_KEY)
|
26 |
except ImportError:
|
27 |
pass
|
28 |
-
|
29 |
if not key:
|
30 |
error_msg = (
|
31 |
f"{_ENV_KEY} ortam değişkeni tanımlanmadı. "
|
@@ -33,7 +40,7 @@ def _get_key() -> Fernet:
|
|
33 |
)
|
34 |
log_error(error_msg)
|
35 |
raise RuntimeError(error_msg)
|
36 |
-
|
37 |
# Key formatını kontrol et
|
38 |
try:
|
39 |
return Fernet(key.encode())
|
@@ -46,32 +53,42 @@ def _get_key() -> Fernet:
|
|
46 |
log_error(error_msg, error=str(e))
|
47 |
raise RuntimeError(error_msg)
|
48 |
|
49 |
-
|
|
|
50 |
"""düz string → enc:..."""
|
51 |
if not plain:
|
52 |
log_warning("Empty string passed to encrypt")
|
53 |
return ""
|
54 |
-
|
55 |
try:
|
56 |
-
|
|
|
|
|
|
|
|
|
57 |
encrypted = f.encrypt(plain.encode()).decode()
|
58 |
return "enc:" + encrypted
|
59 |
except Exception as e:
|
60 |
log_error("Encryption failed", error=str(e))
|
61 |
raise
|
62 |
|
63 |
-
|
|
|
64 |
"""enc:... ise çözer, değilse aynen döndürür"""
|
65 |
if value is None or not isinstance(value, str):
|
66 |
return value
|
67 |
-
|
68 |
if not value.startswith("enc:"):
|
69 |
return value
|
70 |
-
|
71 |
token = value.split("enc:", 1)[1]
|
72 |
-
|
73 |
try:
|
74 |
-
|
|
|
|
|
|
|
|
|
75 |
decrypted = f.decrypt(token.encode()).decode()
|
76 |
return decrypted
|
77 |
except InvalidToken:
|
@@ -85,4 +102,59 @@ def decrypt(value: Optional[str]) -> Optional[str]:
|
|
85 |
raise RuntimeError(error_msg)
|
86 |
except Exception as e:
|
87 |
log_error("Decryption error", error=str(e))
|
88 |
-
raise
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
"""
|
2 |
Flare – Fernet şifreleme yardımcıları
|
3 |
+
- encrypt(): düz string → "enc:<blob>"
|
4 |
+
- decrypt(): enc:<blob> → düz string (veya enc: yoksa aynen döner)
|
5 |
+
Anahtar: FLARE_TOKEN_KEY (32-bayt, base64, URL-safe)
|
6 |
+
|
7 |
+
CLI Kullanımı:
|
8 |
+
python encryption_utils.py enc "şifrelenecek metin" [--key KEY]
|
9 |
+
python encryption_utils.py dec "enc:..." [--key KEY]
|
10 |
"""
|
11 |
|
12 |
import os
|
13 |
+
import sys
|
14 |
+
import argparse
|
15 |
from typing import Optional
|
16 |
from cryptography.fernet import Fernet, InvalidToken
|
17 |
from .logger import log_error, log_warning
|
18 |
|
19 |
_ENV_KEY = "FLARE_TOKEN_KEY"
|
20 |
|
21 |
+
|
22 |
def _get_key() -> Fernet:
|
23 |
"""Get encryption key with better error messages"""
|
24 |
# Direkt environment variable kullan
|
25 |
key = os.getenv(_ENV_KEY)
|
26 |
+
|
27 |
# .env dosyasından yüklemeyi dene
|
28 |
if not key:
|
29 |
try:
|
|
|
32 |
key = os.getenv(_ENV_KEY)
|
33 |
except ImportError:
|
34 |
pass
|
35 |
+
|
36 |
if not key:
|
37 |
error_msg = (
|
38 |
f"{_ENV_KEY} ortam değişkeni tanımlanmadı. "
|
|
|
40 |
)
|
41 |
log_error(error_msg)
|
42 |
raise RuntimeError(error_msg)
|
43 |
+
|
44 |
# Key formatını kontrol et
|
45 |
try:
|
46 |
return Fernet(key.encode())
|
|
|
53 |
log_error(error_msg, error=str(e))
|
54 |
raise RuntimeError(error_msg)
|
55 |
|
56 |
+
|
57 |
+
def encrypt(plain: str, key: Optional[str] = None) -> str:
|
58 |
"""düz string → enc:..."""
|
59 |
if not plain:
|
60 |
log_warning("Empty string passed to encrypt")
|
61 |
return ""
|
62 |
+
|
63 |
try:
|
64 |
+
if key:
|
65 |
+
f = Fernet(key.encode())
|
66 |
+
else:
|
67 |
+
f = _get_key()
|
68 |
+
|
69 |
encrypted = f.encrypt(plain.encode()).decode()
|
70 |
return "enc:" + encrypted
|
71 |
except Exception as e:
|
72 |
log_error("Encryption failed", error=str(e))
|
73 |
raise
|
74 |
|
75 |
+
|
76 |
+
def decrypt(value: Optional[str], key: Optional[str] = None) -> Optional[str]:
|
77 |
"""enc:... ise çözer, değilse aynen döndürür"""
|
78 |
if value is None or not isinstance(value, str):
|
79 |
return value
|
80 |
+
|
81 |
if not value.startswith("enc:"):
|
82 |
return value
|
83 |
+
|
84 |
token = value.split("enc:", 1)[1]
|
85 |
+
|
86 |
try:
|
87 |
+
if key:
|
88 |
+
f = Fernet(key.encode())
|
89 |
+
else:
|
90 |
+
f = _get_key()
|
91 |
+
|
92 |
decrypted = f.decrypt(token.encode()).decode()
|
93 |
return decrypted
|
94 |
except InvalidToken:
|
|
|
102 |
raise RuntimeError(error_msg)
|
103 |
except Exception as e:
|
104 |
log_error("Decryption error", error=str(e))
|
105 |
+
raise
|
106 |
+
|
107 |
+
|
108 |
+
def main():
|
109 |
+
"""CLI entry point"""
|
110 |
+
parser = argparse.ArgumentParser(
|
111 |
+
description="Fernet encryption/decryption utility",
|
112 |
+
formatter_class=argparse.RawDescriptionHelpFormatter,
|
113 |
+
epilog="""
|
114 |
+
Examples:
|
115 |
+
# Encrypt with environment key
|
116 |
+
python encryption_utils.py enc "secret message"
|
117 |
+
|
118 |
+
# Encrypt with custom key
|
119 |
+
python encryption_utils.py enc "secret message" --key "your-32-byte-base64-key"
|
120 |
+
|
121 |
+
# Decrypt
|
122 |
+
python encryption_utils.py dec "enc:gAAAAABh..."
|
123 |
+
|
124 |
+
# Generate new key
|
125 |
+
python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
|
126 |
+
"""
|
127 |
+
)
|
128 |
+
|
129 |
+
parser.add_argument(
|
130 |
+
"command",
|
131 |
+
choices=["enc", "dec"],
|
132 |
+
help="Command to execute: 'enc' for encrypt, 'dec' for decrypt"
|
133 |
+
)
|
134 |
+
|
135 |
+
parser.add_argument(
|
136 |
+
"text",
|
137 |
+
help="Text to encrypt or decrypt"
|
138 |
+
)
|
139 |
+
|
140 |
+
parser.add_argument(
|
141 |
+
"--key",
|
142 |
+
help="Optional Fernet key (32-byte base64). If not provided, uses FLARE_TOKEN_KEY env var"
|
143 |
+
)
|
144 |
+
|
145 |
+
args = parser.parse_args()
|
146 |
+
|
147 |
+
try:
|
148 |
+
if args.command == "enc":
|
149 |
+
result = encrypt(args.text, args.key)
|
150 |
+
print(result)
|
151 |
+
else: # dec
|
152 |
+
result = decrypt(args.text, args.key)
|
153 |
+
print(result)
|
154 |
+
except Exception as e:
|
155 |
+
print(f"Error: {e}", file=sys.stderr)
|
156 |
+
sys.exit(1)
|
157 |
+
|
158 |
+
|
159 |
+
if __name__ == "__main__":
|
160 |
+
main()
|