First commit

2024-06-10 20:40:22 +05:30 · 2024-06-10 20:40:22 +05:30 · 3c244e7c05
commit 3c244e7c05
20 changed files with 2996 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,3 @@
+__pycache__
+.vscode
+database/*
--- a/auth.py
+++ b/auth.py
@ -0,0 +1,82 @@
+import datetime
+import json
+import os
+from typing import Any, Union
+
+import bcrypt
+import jwt
+from fastapi import Depends, HTTPException, status
+from fastapi.security import HTTPBearer
+from jwt.exceptions import InvalidTokenError
+
+ACCESS_TOKEN_EXPIRE_MINUTES = 30  # 30 minutes
+ALGORITHM = "HS256"
+JWT_SECRET_KEY = 'abcdefghijklmnopqrstuvwxyz'
+
+security = HTTPBearer()
+
+
+def create_access_token(subject: str|int, encryption_key: str, expires_delta: int = None) -> str:
+    """Creates a jwt token for the logged in user"""
+
+    if expires_delta is not None:
+        expires_delta = datetime.datetime.now(datetime.timezone.utc) + expires_delta
+    else:
+        expires_delta = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
+
+    to_encode = {"exp": expires_delta, "sub": subject, "key": encryption_key}
+    encoded_jwt = jwt.encode(to_encode, JWT_SECRET_KEY, ALGORITHM)
+    return encoded_jwt
+
+
+def get_current_user(token: str = Depends(security)) -> dict:
+    """Parses a jwt token and if it's valid, returns the user ID from it"""
+
+    credentials_exception = HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        detail="Could not validate credentials",
+        headers={'WWW-Authenticate': 'Bearer'}
+    )
+    credential = token.credentials
+    try:
+        payload = jwt.decode(credential, JWT_SECRET_KEY, algorithms=[ALGORITHM])
+        user_id: str = payload.get("sub")
+        if user_id is None:
+            raise credentials_exception
+
+    except InvalidTokenError:
+        raise credentials_exception
+
+    with open('database/users.json', 'r') as f:
+        text = f.read()
+        if text:
+            data = json.loads(text)
+        else:
+            raise credentials_exception
+
+    user = [i for i in data if i['id']==user_id]
+    if not user:
+        raise credentials_exception
+
+    cur_user = {'id': user_id}
+    cur_user['username'] = user[0]['username']
+    cur_user['encryption_key'] = payload['key']
+
+    return cur_user
+
+
+class Hasher:
+    """Class for hashing and verifying passwords"""
+
+    @staticmethod
+    def verify_password(plain_password: str, hashed_password: str) -> bool:
+        encoded_password = plain_password.encode('utf-8')
+        encoded_hash = hashed_password.encode('utf-8')
+        return bcrypt.checkpw(encoded_password, encoded_hash)
+
+    @staticmethod
+    def get_password_hash(password: str) -> str:
+        salt = bcrypt.gensalt()
+        encoded_password = password.encode('utf-8')
+        hash = bcrypt.hashpw(encoded_password, salt)
+        return hash.decode('utf-8')
--- a/crypto.py
+++ b/crypto.py
@ -0,0 +1,42 @@
+import base64
+import os
+
+from cryptography.fernet import Fernet
+from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
+
+
+def fernet_encrypt(value: bytes, key: bytes) -> bytes:
+    f = Fernet(key)
+    token = f.encrypt(value)
+    return token
+
+
+def fernet_decrypt(value, key, return_bytes=False):
+    f = Fernet(key)
+    msg = f.decrypt(value)
+    if return_bytes:
+        return msg
+    return msg.decode("utf-8")
+
+
+def generate_user_passkey(password: str, salt: bytes = None) -> tuple[bytes, bytes]:
+    if salt is None:
+        salt = os.urandom(128)
+
+    kdf = Scrypt(salt=salt, length=32, n=2**14, r=8, p=1)
+    user_passkey = kdf.derive(password.encode("utf-8"))
+    return salt, base64.b64encode(user_passkey)
+
+
+def generate_random_encryption_key():
+    return Fernet.generate_key()
+
+
+def serialize_bytes(byte_value):
+    byte_value = base64.b64encode(byte_value)
+    return byte_value.decode("utf-8")
+
+
+def deserialize_into_bytes(string):
+    string = string.encode("utf-8")
+    return base64.b64decode(string)
--- a/frontend/.eslintrc.cjs
+++ b/frontend/.eslintrc.cjs
@ -0,0 +1,14 @@
+/* eslint-env node */
+require('@rushstack/eslint-patch/modern-module-resolution')
+
+module.exports = {
+  root: true,
+  'extends': [
+    'plugin:vue/vue3-essential',
+    'eslint:recommended',
+    '@vue/eslint-config-prettier/skip-formatting'
+  ],
+  parserOptions: {
+    ecmaVersion: 'latest'
+  }
+}
--- a/frontend/.gitignore
+++ b/frontend/.gitignore
@ -0,0 +1,30 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+.DS_Store
+dist
+dist-ssr
+coverage
+*.local
+
+/cypress/videos/
+/cypress/screenshots/
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
+
+*.tsbuildinfo
--- a/frontend/.prettierrc.json
+++ b/frontend/.prettierrc.json
@ -0,0 +1,8 @@
+{
+  "$schema": "https://json.schemastore.org/prettierrc",
+  "semi": false,
+  "tabWidth": 2,
+  "singleQuote": true,
+  "printWidth": 100,
+  "trailingComma": "none"
+}
--- a/frontend/README.md
+++ b/frontend/README.md
@ -0,0 +1,35 @@
+# frontend
+
+This template should help get you started developing with Vue 3 in Vite.
+
+## Recommended IDE Setup
+
+[VSCode](https://code.visualstudio.com/) + [Volar](https://marketplace.visualstudio.com/items?itemName=Vue.volar) (and disable Vetur).
+
+## Customize configuration
+
+See [Vite Configuration Reference](https://vitejs.dev/config/).
+
+## Project Setup
+
+```sh
+npm install
+```
+
+### Compile and Hot-Reload for Development
+
+```sh
+npm run dev
+```
+
+### Compile and Minify for Production
+
+```sh
+npm run build
+```
+
+### Lint with [ESLint](https://eslint.org/)
+
+```sh
+npm run lint
+```
--- a/frontend/index.html
+++ b/frontend/index.html
@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <link rel="icon" href="/favicon.ico">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Vite App</title>
+  </head>
+  <body>
+    <div id="app"></div>
+    <script type="module" src="/src/main.js"></script>
+  </body>
+</html>
--- a/frontend/jsconfig.json
+++ b/frontend/jsconfig.json
@ -0,0 +1,8 @@
+{
+  "compilerOptions": {
+    "paths": {
+      "@/*": ["./src/*"]
+    }
+  },
+  "exclude": ["node_modules", "dist"]
+}
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
--- a/frontend/package.json
+++ b/frontend/package.json
@ -0,0 +1,25 @@
+{
+  "name": "frontend",
+  "version": "0.0.0",
+  "private": true,
+  "type": "module",
+  "scripts": {
+    "dev": "vite",
+    "build": "vite build",
+    "preview": "vite preview",
+    "lint": "eslint . --ext .vue,.js,.jsx,.cjs,.mjs --fix --ignore-path .gitignore",
+    "format": "prettier --write src/"
+  },
+  "dependencies": {
+    "vue": "^3.4.21"
+  },
+  "devDependencies": {
+    "@rushstack/eslint-patch": "^1.8.0",
+    "@vitejs/plugin-vue": "^5.0.4",
+    "@vue/eslint-config-prettier": "^9.0.0",
+    "eslint": "^8.57.0",
+    "eslint-plugin-vue": "^9.23.0",
+    "prettier": "^3.2.5",
+    "vite": "^5.2.8"
+  }
+}
--- a/frontend/public/favicon.ico
+++ b/frontend/public/favicon.ico
--- a/frontend/src/App.vue
+++ b/frontend/src/App.vue
@ -0,0 +1,15 @@
+<script setup>
+import HelloWorld from "./components/HelloWorld.vue";
+</script>
+
+<template>
+  <div>
+    <header>
+      <div class="wrapper">
+        <HelloWorld msg="You did it!" />
+      </div>
+    </header>
+  </div>
+</template>
+
+<style scoped></style>
--- a/frontend/src/assets/base.css
+++ b/frontend/src/assets/base.css
@ -0,0 +1,86 @@
+/* color palette from <https://github.com/vuejs/theme> */
+:root {
+  --vt-c-white: #ffffff;
+  --vt-c-white-soft: #f8f8f8;
+  --vt-c-white-mute: #f2f2f2;
+
+  --vt-c-black: #181818;
+  --vt-c-black-soft: #222222;
+  --vt-c-black-mute: #282828;
+
+  --vt-c-indigo: #2c3e50;
+
+  --vt-c-divider-light-1: rgba(60, 60, 60, 0.29);
+  --vt-c-divider-light-2: rgba(60, 60, 60, 0.12);
+  --vt-c-divider-dark-1: rgba(84, 84, 84, 0.65);
+  --vt-c-divider-dark-2: rgba(84, 84, 84, 0.48);
+
+  --vt-c-text-light-1: var(--vt-c-indigo);
+  --vt-c-text-light-2: rgba(60, 60, 60, 0.66);
+  --vt-c-text-dark-1: var(--vt-c-white);
+  --vt-c-text-dark-2: rgba(235, 235, 235, 0.64);
+}
+
+/* semantic color variables for this project */
+:root {
+  --color-background: var(--vt-c-white);
+  --color-background-soft: var(--vt-c-white-soft);
+  --color-background-mute: var(--vt-c-white-mute);
+
+  --color-border: var(--vt-c-divider-light-2);
+  --color-border-hover: var(--vt-c-divider-light-1);
+
+  --color-heading: var(--vt-c-text-light-1);
+  --color-text: var(--vt-c-text-light-1);
+
+  --section-gap: 160px;
+}
+
+@media (prefers-color-scheme: dark) {
+  :root {
+    --color-background: var(--vt-c-black);
+    --color-background-soft: var(--vt-c-black-soft);
+    --color-background-mute: var(--vt-c-black-mute);
+
+    --color-border: var(--vt-c-divider-dark-2);
+    --color-border-hover: var(--vt-c-divider-dark-1);
+
+    --color-heading: var(--vt-c-text-dark-1);
+    --color-text: var(--vt-c-text-dark-2);
+  }
+}
+
+*,
+*::before,
+*::after {
+  box-sizing: border-box;
+  margin: 0;
+  font-weight: normal;
+}
+
+body {
+  min-height: 100vh;
+  color: var(--color-text);
+  background: var(--color-background);
+  transition:
+    color 0.5s,
+    background-color 0.5s;
+  line-height: 1.6;
+  font-family:
+    Inter,
+    -apple-system,
+    BlinkMacSystemFont,
+    'Segoe UI',
+    Roboto,
+    Oxygen,
+    Ubuntu,
+    Cantarell,
+    'Fira Sans',
+    'Droid Sans',
+    'Helvetica Neue',
+    sans-serif;
+  font-size: 15px;
+  text-rendering: optimizeLegibility;
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+}
--- a/frontend/src/assets/main.css
+++ b/frontend/src/assets/main.css
@ -0,0 +1,35 @@
+@import './base.css';
+
+#app {
+  max-width: 1280px;
+  margin: 0 auto;
+  padding: 2rem;
+  font-weight: normal;
+}
+
+a,
+.green {
+  text-decoration: none;
+  color: hsla(160, 100%, 37%, 1);
+  transition: 0.4s;
+  padding: 3px;
+}
+
+@media (hover: hover) {
+  a:hover {
+    background-color: hsla(160, 100%, 37%, 0.2);
+  }
+}
+
+@media (min-width: 1024px) {
+  body {
+    display: flex;
+    place-items: center;
+  }
+
+  #app {
+    display: grid;
+    grid-template-columns: 1fr 1fr;
+    padding: 0 2rem;
+  }
+}
--- a/frontend/src/components/HelloWorld.vue
+++ b/frontend/src/components/HelloWorld.vue
@ -0,0 +1,44 @@
+<script setup>
+defineProps({
+  msg: {
+    type: String,
+    required: true
+  }
+})
+</script>
+
+<template>
+  <div class="greetings">
+    <h1 class="green">{{ msg }}</h1>
+    <h3>
+      You’ve successfully created a project with
+      <a href="https://vitejs.dev/" target="_blank" rel="noopener">Vite</a> +
+      <a href="https://vuejs.org/" target="_blank" rel="noopener">Vue 3</a>.
+    </h3>
+  </div>
+</template>
+
+<style scoped>
+h1 {
+  font-weight: 500;
+  font-size: 2.6rem;
+  position: relative;
+  top: -10px;
+}
+
+h3 {
+  font-size: 1.2rem;
+}
+
+.greetings h1,
+.greetings h3 {
+  text-align: center;
+}
+
+@media (min-width: 1024px) {
+  .greetings h1,
+  .greetings h3 {
+    text-align: left;
+  }
+}
+</style>
--- a/frontend/src/main.js
+++ b/frontend/src/main.js
@ -0,0 +1,6 @@
+import './assets/main.css'
+
+import { createApp } from 'vue'
+import App from './App.vue'
+
+createApp(App).mount('#app')
--- a/frontend/vite.config.js
+++ b/frontend/vite.config.js
@ -0,0 +1,16 @@
+import { fileURLToPath, URL } from 'node:url'
+
+import { defineConfig } from 'vite'
+import vue from '@vitejs/plugin-vue'
+
+// https://vitejs.dev/config/
+export default defineConfig({
+  plugins: [
+    vue(),
+  ],
+  resolve: {
+    alias: {
+      '@': fileURLToPath(new URL('./src', import.meta.url))
+    }
+  }
+})
--- a/main.py
+++ b/main.py
@ -0,0 +1,162 @@
+import json
+
+from fastapi import Depends, FastAPI, HTTPException
+from fastapi.encoders import jsonable_encoder
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.security import OAuth2PasswordBearer
+
+from auth import Hasher, create_access_token, get_current_user
+from crypto import (
+    deserialize_into_bytes,
+    fernet_decrypt,
+    fernet_encrypt,
+    generate_random_encryption_key,
+    generate_user_passkey,
+    serialize_bytes,
+)
+from models import Secret, User, UserLogin
+
+app = FastAPI()
+
+
+origins = [
+    'http://localhost',
+    'http://localhost:5173',
+    "*"
+]
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=origins,
+    allow_credentials=True,
+    allow_methods=['*'],
+    allow_headers=['*']
+)
+
+
+@app.get("/")
+async def root():
+    return {"'message'": "Hello World"}
+
+
+@app.post('/register')
+async def register(user: User):
+    """Registers a user"""
+
+    users = []
+    with open('database/users.json', 'r') as f:
+        text = f.read()
+        if text:
+            users = json.loads(text)
+
+    if user.id is not None:
+        raise HTTPException(
+            status_code=400,
+            detail="User id shall be auto generated, cannot be provided in request"
+        )
+    if not users:
+        user.id = 0
+    else:
+        max_user_id = max([i['id'] for i in users])
+        user.id = max_user_id + 1
+
+    user_exists = [i for i in users if i['username'] == user.username]
+    if user_exists:
+        raise HTTPException(status_code=400, detail="Username already in use")
+
+    encryption_key = generate_random_encryption_key()
+
+    salt, master_key = generate_user_passkey(user.password)
+    encrypted_encryption_key = fernet_encrypt(encryption_key, master_key)
+
+    user.password = Hasher.get_password_hash(user.password)
+    user.encryption_key = encrypted_encryption_key.decode('utf-8')
+    user.salt = serialize_bytes(salt)
+
+    users.append(jsonable_encoder(user))
+    # print(f"{salt=}\n{user.salt=}\n{encrypted_encryption_key=}\n{user.encryption_key=}\n{master_key=}")
+    with open('database/users.json', 'w') as f:
+        json.dump(users, f)
+
+    return {'user_id': user.id}
+
+
+@app.post('/login')
+async def login(user: UserLogin):
+    """logs in the user"""
+
+    users = []
+    with open('database/users.json', 'r') as f:
+        text = f.read()
+        if text:
+            users.extend(json.loads(text))
+
+    cur_user = [i for i in users if i['username']==user.username]
+    if not cur_user:
+        return {'message': "username or password is incorrect"}
+    else:
+        cur_user = cur_user[0]
+
+    password_match = Hasher.verify_password(user.password, cur_user['password'])
+    if not password_match:
+        return {'message': "username or password is incorrect"}
+
+    encrypted_encryption_key = cur_user['encryption_key'].encode()
+    salt = deserialize_into_bytes(cur_user['salt'])
+    _, master_key = generate_user_passkey(user.password, salt)
+    encryption_key = fernet_decrypt(encrypted_encryption_key, master_key)
+    access_token = create_access_token(subject=cur_user['id'], encryption_key=encryption_key)
+
+    response = {
+        'message': 'authenticated',
+        'accessToken': access_token
+    }
+
+    return response
+
+
+@app.post("/secret")
+async def create_secret(secret: Secret, current_user: dict = Depends(get_current_user)):
+    """
+    Stores and encrypted secret for the user.
+
+    The encrypted secret is unreadable on the server and is encrypted on the front-end
+    """
+
+    data = []
+    with open('database/secrets.json', 'r') as f:
+        text = f.read()
+        if text:
+            data.extend(json.loads(text))
+    secret.user_id = current_user['id']
+    encryption_key = current_user['encryption_key'].encode()
+
+    encrypted_data = fernet_encrypt(secret.data.encode(), encryption_key)
+
+    secret.data = encrypted_data.decode('utf-8')
+    data.append(jsonable_encoder(secret))
+
+    with open('database/secrets.json', 'w') as f:
+        json.dump(data, f)
+    return secret
+
+
+@app.get('/secret')
+async def list_secret(current_user: dict = Depends(get_current_user)):
+    """Returns the encrypted secrets of the user."""
+
+    data = []
+    with open('database/secrets.json', 'r') as f:
+        text = f.read()
+        if text:
+            data.extend(json.loads(text))
+
+    user_id = current_user['id']
+    encryption_key = current_user['encryption_key'].encode()
+
+    user_secrets = [i for i in data if i['user_id']==user_id]
+    for secret in user_secrets:
+        cur_data = secret['data']
+        decrypted_data = fernet_decrypt(cur_data, encryption_key)
+        secret['data'] = decrypted_data
+
+    return user_secrets
--- a/models.py
+++ b/models.py
@ -0,0 +1,26 @@
+import datetime
+
+from pydantic import BaseModel
+
+
+class User(BaseModel):
+    id: int = None
+    username: str
+    password: str
+    encryption_key: str = None
+    salt: str = None
+    created_on: str = datetime.datetime.now(datetime.timezone.utc).isoformat()
+    active: bool = True
+
+class UserLogin(BaseModel):
+    username: str
+    password: str
+
+class Secret(BaseModel):
+    user_id: int = None
+    data: str
+    salt: str = None
+    notes: str = None
+    added_on: str = datetime.datetime.now(datetime.timezone.utc).isoformat()
+    modified_on: str = None
+    active: bool = True