feat(security): T15 implement API token generation

- Add generate_api_token with format 'or_api_' + 48 bytes random
- Implement hash_token with SHA-256
- Add verify_api_token with timing-safe comparison (secrets.compare_digest)
- Only hash stored in DB, plaintext shown once
- 20 comprehensive tests with 100% coverage
- Handle TypeError for non-string inputs
Luca Sacchi Ricciardi
2026-04-07 12:12:39 +02:00
parent 781e564ea0
commit 649ff76d6c
3 changed files with 381 additions and 3 deletions

@@ -52,11 +52,11 @@
- [x] T10: Creare model ApiToken (SQLAlchemy) - ✅ Completato (2026-04-07 11:15)
- [x] T11: Setup Alembic e creare migrazione iniziale - ✅ Completato (2026-04-07 11:20)
### 🔐 Servizi di Sicurezza (T12-T16) - 2/5 completati
### 🔐 Servizi di Sicurezza (T12-T16) - 3/5 completati
- [x] T12: Implementare EncryptionService (AES-256) - ✅ Completato (2026-04-07 12:00, commit: 2fdd9d1)
- [x] T13: Implementare password hashing (bcrypt) - ✅ Completato (2026-04-07 12:15, commit: 54e8116)
- [ ] T14: Implementare JWT utilities - 🟡 In progress
- [ ] T15: Implementare API token generation
- [x] T14: Implementare JWT utilities - ✅ Completato (2026-04-07 12:30, commit: 781e564)
- [ ] T15: Implementare API token generation - 🟡 In progress
- [ ] T16: Scrivere test per servizi di encryption
### 👤 Autenticazione Utenti (T17-T22) - 0/6 completati
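Review bot: The T15 entry in this hunk ends up as "[ ] ... 🟡 In progress" and the section header stops at 3/5, while the message of this same commit describes T15 as implemented with 20 tests and 100% coverage, so the tracker is one step behind the code it ships with. The T14 line follows the same pattern: it is only marked completed here, citing 781e564, which is this commit's parent. If recording the hash one commit late is the intended workflow, say so in the file or the commit message; otherwise mark T15 as "[x]" and move the header to 4/5 in the commit that delivers it, so anyone auditing which security services are actually in place does not read token generation as unfinished.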