v1.2.0 + v1.3.0: Localization, About dialog, TOTP/2FA, stability improvements
v1.2.0: - GUI localization (EN/RU/ZH) with language switcher and persistent selection - About dialog (ⓘ) with app info, features, quick start guide - core/i18n.py — internationalization module with t() function - All GUI components translated via t() keys v1.3.0: - TOTP/2FA tab — Google Authenticator compatible codes with live 30s countdown, one-click copy, per-server secret management - core/totp.py — TOTP module (pyotp, RFC 6238) - core/logger.py — rotating file logger (5MB, 3 backups) - Stronger Fernet encryption key with automatic migration from old key - Thread-safe server store with locks, atomic writes, auto-restore on corruption - Parallel status checks via ThreadPoolExecutor (up to 10 concurrent) - SSH client: explicit channel cleanup, Unix key permissions - Server dialog: port validation (1-65535), TOTP secret field - Language change preserves active tab and server selection - pyotp dependency added Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
chrome-storm-c442
40
core/encryption.py
Normal file
40
core/encryption.py
Normal file
@@ -0,0 +1,40 @@
|
||||
"""
|
||||
Encryption module — Fernet symmetric encryption for servers.json.
|
||||
Used by both GUI (ServerStore) and CLI (ssh.py).
|
||||
"""
|
||||
|
||||
import os
|
||||
from cryptography.fernet import Fernet, InvalidToken
|
||||
|
||||
# Strong hardcoded key (generated from os.urandom(32), base64-encoded)
|
||||
# This is the application-level encryption key — by design it's embedded.
|
||||
ENCRYPTION_KEY = b"xK9mQ2vL7pR4wZ8nB3jF6hT1yD5sA0cE-gU_iO9lMWk="
|
||||
|
||||
# Migration: old key from v1.1.0-1.2.0
|
||||
_OLD_KEY = b"b8iPQzO8_18Y68NluKLQPUTfXVyRsz_BIzTeqfm0aZk="
|
||||
|
||||
_fernet = Fernet(ENCRYPTION_KEY)
|
||||
_fernet_old = Fernet(_OLD_KEY)
|
||||
|
||||
|
||||
def encrypt(plaintext: str) -> bytes:
|
||||
"""Encrypt a plaintext string, return Fernet token bytes."""
|
||||
return _fernet.encrypt(plaintext.encode("utf-8"))
|
||||
|
||||
|
||||
def decrypt(data: bytes) -> str:
|
||||
"""Decrypt Fernet token bytes, return plaintext string.
|
||||
Tries new key first, falls back to old key for migration."""
|
||||
try:
|
||||
return _fernet.decrypt(data).decode("utf-8")
|
||||
except InvalidToken:
|
||||
# Try old key for backward compatibility
|
||||
return _fernet_old.decrypt(data).decode("utf-8")
|
||||
|
||||
|
||||
def is_encrypted(data: bytes) -> bool:
|
||||
"""Check if data is a Fernet token (starts with 'gAAAAA') vs plain JSON (starts with '{')."""
|
||||
try:
|
||||
return data.decode("utf-8").strip().startswith("gAAAAA")
|
||||
except UnicodeDecodeError:
|
||||
return True
|
||||
Reference in New Issue
Block a user