add security py

backend/trading_journal/security.py

@@ -1,11 +1,51 @@
-from passlib.context import CryptContext
+import hashlib
+import hmac
+import secrets
 
-pwd_ctx = CryptContext(schemes=["argon2"], deprecated="auto")
+from argon2 import PasswordHasher
+from argon2.exceptions import VerifyMismatchError
+
+import settings
+
+ph = PasswordHasher()
+
+# Utility functions for password hashing and verification
 
 
 def hash_password(plain: str) -> str:
-    return pwd_ctx.hash(plain)
+    return ph.hash(plain)
+
 
 def verify_password(plain: str, hashed: str) -> bool:
-    return pwd_ctx.verify(plain, hashed)
+    try:
+        return ph.verify(hashed, plain)
+    except VerifyMismatchError:
+        return False
 
+
+# Session token hash
+
+
+def generate_session_token(nbytes: int = 32) -> str:
+    return secrets.token_urlsafe(nbytes)
+
+
+def hash_session_token_sha256(token: str) -> str:
+    return hashlib.sha256(token.encode("utf-8")).hexdigest()
+
+
+def sign_token_hmac(token: str) -> str:
+    if not settings.settings.hmac_key:
+        return token
+    return hmac.new(settings.settings.hmac_key.encode("utf-8"), token.encode("utf-8"), hashlib.sha256).hexdigest()
+
+
+def verify_token_sha256(token: str, expected_hash: str) -> bool:
+    return hmac.compare_digest(hash_session_token_sha256(token), expected_hash)
+
+
+def verify_token_hmac(token: str, expected_hmac: str) -> bool:
+    if not settings.settings.hmac_key:
+        return verify_token_sha256(token, expected_hmac)
+    sig = hmac.new(settings.settings.hmac_key.encode("utf-8"), token.encode("utf-8"), hashlib.sha256).hexdigest()
+    return hmac.compare_digest(sig, expected_hmac)