Source code for

# Copyright 2022 Karlsruhe Institute of Technology
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# See the License for the specific language governing permissions and
# limitations under the License.
import hashlib
import os
import string
from secrets import SystemRandom
from time import time

import jwt
from flask import current_app

[docs]def random_alnum(num_chars=16): """Generate a secure random alphanumeric string. :param num_chars: (optional) The number of chars to generate. :return: The generated string. """ alphanum = string.ascii_letters + string.digits return "".join(SystemRandom().choice(alphanum) for _ in range(num_chars))
[docs]def random_bytes(num_bytes=24, hexadecimal=True): """Generate a secure random byte sequence. :param length: (optional) The number of bytes to generate. :param hexadecimal: (optional) Whether to return the bytes in a hexadecimal string representation. :return: The generated byte sequence or hexadecimal string. """ byte_sequence = os.urandom(num_bytes) if hexadecimal: return byte_sequence.hex() return byte_sequence
[docs]def hash_value(value, alg="sha256", hexadecimal=True): """Create a secure hash of a value. :param value: The value to hash, either a bytes object or a string. :param alg: (optional) The hash algorithm to use, according to the algorithms available in Python's "hashlib" module. :param hexadecimal: (optional) Whether to return the hash in a hexadecimal string representation. :return: The calculated hash as a byte sequence or hexadecimal string or ``None`` if the given algorithm is not available. """ if not isinstance(value, bytes): value = value.encode() if alg not in hashlib.algorithms_available: return None hashed_value = getattr(hashlib, alg)(value) if hexadecimal: return hashed_value.hexdigest() return hashed_value.digest()
[docs]def encode_jwt(payload, expires_in=None): """Encode a given payload inside a JSON web token. :param payload: The payload to encode as dictionary, which needs to be JSON serializable. :param expires_in: (optional) The time in seconds that the token should expire in. :return: The encoded token as string. """ if expires_in is not None: payload["exp"] = int(time()) + expires_in return jwt.encode(payload, current_app.secret_key, algorithm="HS256")
[docs]def decode_jwt(token): """Decode a given JSON web token. :param token: The token to decode as string. :return: The decoded payload dictionary or ``None`` if the token is invalid or expired. """ try: return jwt.decode(token, current_app.secret_key, algorithms=["HS256"]) except jwt.InvalidTokenError: return None