aibot777/server-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 36 Wiki Activity
Files
bf39fd7b678faa0ac16905272a9c25e132abff16
server-manager/core/encryption.py
chrome-storm-c442 bf39fd7b67 v1.2.0 + v1.3.0: Localization, About dialog, TOTP/2FA, stability improvements 
v1.2.0:
- GUI localization (EN/RU/ZH) with language switcher and persistent selection
- About dialog (ⓘ) with app info, features, quick start guide
- core/i18n.py — internationalization module with t() function
- All GUI components translated via t() keys

v1.3.0:
- TOTP/2FA tab — Google Authenticator compatible codes with live 30s countdown,
  one-click copy, per-server secret management
- core/totp.py — TOTP module (pyotp, RFC 6238)
- core/logger.py — rotating file logger (5MB, 3 backups)
- Stronger Fernet encryption key with automatic migration from old key
- Thread-safe server store with locks, atomic writes, auto-restore on corruption
- Parallel status checks via ThreadPoolExecutor (up to 10 concurrent)
- SSH client: explicit channel cleanup, Unix key permissions
- Server dialog: port validation (1-65535), TOTP secret field
- Language change preserves active tab and server selection
- pyotp dependency added

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 11:07:51 -05:00

41 lines
1.3 KiB
Python
Raw Blame History

"""
Encryption module — Fernet symmetric encryption for servers.json.
Used by both GUI (ServerStore) and CLI (ssh.py).
"""
import os
from cryptography.fernet import Fernet, InvalidToken
# Strong hardcoded key (generated from os.urandom(32), base64-encoded)
# This is the application-level encryption key — by design it's embedded.
ENCRYPTION_KEY = b"xK9mQ2vL7pR4wZ8nB3jF6hT1yD5sA0cE-gU_iO9lMWk="
# Migration: old key from v1.1.0-1.2.0
_OLD_KEY = b"b8iPQzO8_18Y68NluKLQPUTfXVyRsz_BIzTeqfm0aZk="
_fernet = Fernet(ENCRYPTION_KEY)
_fernet_old = Fernet(_OLD_KEY)
def encrypt(plaintext: str) -> bytes:
"""Encrypt a plaintext string, return Fernet token bytes."""
return _fernet.encrypt(plaintext.encode("utf-8"))
def decrypt(data: bytes) -> str:
"""Decrypt Fernet token bytes, return plaintext string.
Tries new key first, falls back to old key for migration."""
try:
return _fernet.decrypt(data).decode("utf-8")
except InvalidToken:
# Try old key for backward compatibility
return _fernet_old.decrypt(data).decode("utf-8")
def is_encrypted(data: bytes) -> bool:
"""Check if data is a Fernet token (starts with 'gAAAAA') vs plain JSON (starts with '{')."""
try:
return data.decode("utf-8").strip().startswith("gAAAAA")
except UnicodeDecodeError:
return True
Reference in New Issue View Git Blame Copy Permalink