apppy-generic 0.12.0__tar.gz

apppy_generic-0.12.0/.gitignore

@@ -0,0 +1,28 @@
+__generated__/
+dist/
+*.egg-info
+.env
+.env.*
+*.env
+!.github/ci/.env.local
+.file_store/
+*.pid
+.python-version
+*.secrets
+.secrets
+*.tar.gz
+*.test_output/
+.test_output/
+uv.lock
+*.whl
+
+# System files
+__pycache__
+.DS_Store
+
+# Editor files
+*.sublime-project
+*.sublime-workspace
+.vscode/*
+!.vscode/settings.json
+

apppy_generic-0.12.0/PKG-INFO

@@ -0,0 +1,11 @@
+Metadata-Version: 2.4
+Name: apppy-generic
+Version: 0.12.0
+Summary: Generic Python definitions for server development
+Project-URL: Homepage, https://github.com/spals/apppy
+Author: Tim Kral
+License: MIT
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Requires-Python: >=3.11
+Requires-Dist: cryptography==43.0.3

apppy_generic-0.12.0/generic.mk

@@ -0,0 +1,26 @@
+ifndef APPPY_GENERIC_MK_INCLUDED
+APPPY_GENERIC_MK_INCLUDED := 1
+GENERIC_PKG_DIR := $(patsubst %/,%,$(dir $(abspath $(lastword $(MAKEFILE_LIST)))))
+
+.PHONY: generic generic-dev generic/build generic/clean generic/install generic/install-dev
+
+generic: generic/clean generic/install
+
+generic-dev: generic/clean generic/install-dev
+
+generic/build:
+	cd $(GENERIC_PKG_DIR) && uvx --from build pyproject-build
+
+generic/clean:
+	cd $(GENERIC_PKG_DIR) && rm -rf dist/ *.egg-info .venv
+
+generic/install: generic/build
+	cd $(GENERIC_PKG_DIR) && uv pip install dist/*.whl
+
+generic/install-dev:
+	cd $(GENERIC_PKG_DIR) && uv pip install -e .
+
+generic/publish: generic/clean generic/install
+	twine upload $(GENERIC_PKG_DIR)/dist/* || exit 1
+
+endif # APPPY_GENERIC_MK_INCLUDED

apppy_generic-0.12.0/pyproject.toml

@@ -0,0 +1,33 @@
+[build-system]
+requires = ["hatchling>=1.25"]
+build-backend = "hatchling.build"
+
+[dependency-groups]
+dev = []
+
+[project]
+name = "apppy-generic"
+description = "Generic Python definitions for server development"
+dynamic = ["version"]
+readme = "README.md"
+requires-python = ">=3.11"
+license = {text = "MIT"}
+authors = [{ name = "Tim Kral" }]
+classifiers = [
+  "Programming Language :: Python :: 3",
+  "License :: OSI Approved :: MIT License",
+]
+dependencies = [
+    "cryptography==43.0.3",
+]
+
+[project.urls]
+Homepage = "https://github.com/spals/apppy"
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/apppy"]
+
+[tool.hatch.version]
+path = "../../VERSION"
+pattern = "^(?P<version>\\d+\\.\\d+\\.\\d+)$"
+source = "regex"

apppy_generic-0.12.0/src/apppy/generic/encrypt.py

@@ -0,0 +1,77 @@
+from os import urandom
+
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes, padding
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+
+BLOCK_SIZE = 16  # AES block size in bytes
+
+
+class DecryptionFailedError(Exception):
+    """Raised when there is an error while trying ot decrypt bytes"""
+
+    def __init__(self):
+        super().__init__("unable_to_decrypt")
+
+
+class BytesEncrypter:
+    """
+    Service to encrypt data bytes.integers into strings based on a static
+    alphabet. This allows the system to ofuscate the integer
+    values to outside parties (e.g. database primary keys)
+    """
+
+    def __init__(self, passphrase: str, salt: str | bytes) -> None:
+        self._passphrase = passphrase
+        if isinstance(salt, str):
+            self._salt = salt.encode("utf-8")
+        else:
+            self._salt = salt
+
+        self._encryption_key = self.__derive_encryption_key()
+
+    def __derive_encryption_key(self) -> bytes:
+        passphrase_encoded = self._passphrase.encode()
+        kdf = PBKDF2HMAC(
+            algorithm=hashes.SHA256(),
+            length=32,  # AES-256 requires 32 bytes
+            salt=self._salt,
+            iterations=100000,
+            backend=default_backend(),
+        )
+        return kdf.derive(passphrase_encoded)
+
+    def encrypt_bytes(self, data: bytes) -> bytes:
+        """
+        Encrypt the entire data stream with AES-CBC and PKCS7 padding.
+        A new IV is generated for each encryption operation.
+        """
+        iv = urandom(BLOCK_SIZE)
+        cipher = Cipher(
+            algorithms.AES(self._encryption_key), modes.CBC(iv), backend=default_backend()
+        )
+        encryptor = cipher.encryptor()
+        padder = padding.PKCS7(BLOCK_SIZE * 8).padder()
+        padded_data = padder.update(data) + padder.finalize()
+        encrypted_data = encryptor.update(padded_data) + encryptor.finalize()
+        return iv + encrypted_data
+
+    def decrypt_bytes(self, data: bytes) -> bytes:
+        """
+        Decrypt the data stream with AES-CBC and PKCS7 unpadding.
+        The IV is extracted from the first block of the encrypted data.
+        """
+        iv = data[:BLOCK_SIZE]
+        encrypted_data = data[BLOCK_SIZE:]
+
+        cipher = Cipher(
+            algorithms.AES(self._encryption_key), modes.CBC(iv), backend=default_backend()
+        )
+        decryptor = cipher.decryptor()
+        decrypted_data = decryptor.update(encrypted_data) + decryptor.finalize()
+        unpadder = padding.PKCS7(BLOCK_SIZE * 8).unpadder()
+        try:
+            return unpadder.update(decrypted_data) + unpadder.finalize()
+        except ValueError as e:
+            raise DecryptionFailedError() from e