6511353b55
Backend: - Complete FastAPI backend with 42+ REST endpoints (auth, servers, config, players, bans, missions, mods, games, system) - Game adapter architecture with Arma 3 as first-class adapter - WebSocket real-time events for status, metrics, logs, players - Background thread system (process monitor, metrics, log tail, RCon poller) - Fernet encryption for sensitive config fields at rest - JWT auth with admin/viewer roles, bcrypt password hashing - SQLite with WAL mode, parameterized queries, migration system - APScheduler cleanup jobs for logs, metrics, events Frontend: - Server Detail page with 7 tabs (overview, config, players, bans, missions, mods, logs) - Settings page with password change and admin user management - Create Server wizard (4-step; known bug: silent validation failure) - New hooks: useServerDetail, useAuth, useGames - New components: ServerHeader, ConfigEditor, PlayerTable, BanTable, MissionList, ModList, LogViewer, PasswordChange, UserManager - WebSocket onEvent callback for real-time log accumulation - 120 unit tests passing (Vitest + React Testing Library) Docs: - Added .gitignore, CLAUDE.md, README.md - Updated FRONTEND.md, ARCHITECTURE.md with current implementation state - Added .env.example for backend configuration Known issues: - Create Server form: "Next" buttons don't validate before advancing, causing silent submit failure when fields are invalid - Config sub-tabs need UX redesign for non-technical users
48 lines
1.4 KiB
Python
48 lines
1.4 KiB
Python
"""JWT creation/validation and password hashing."""
|
|
from __future__ import annotations
|
|
|
|
import logging
|
|
from datetime import datetime, timedelta, timezone
|
|
|
|
import bcrypt
|
|
from jose import JWTError, jwt
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
def hash_password(password: str) -> str:
|
|
"""Hash a password using bcrypt. Returns UTF-8 encoded hash string."""
|
|
password_bytes = password.encode("utf-8")
|
|
salt = bcrypt.gensalt()
|
|
hashed = bcrypt.hashpw(password_bytes, salt)
|
|
return hashed.decode("utf-8")
|
|
|
|
|
|
def verify_password(plain: str, hashed: str) -> bool:
|
|
"""Verify a plain password against a bcrypt hash."""
|
|
try:
|
|
return bcrypt.checkpw(plain.encode("utf-8"), hashed.encode("utf-8"))
|
|
except Exception as exc:
|
|
logger.warning("Password verification failed: %s", exc)
|
|
return False
|
|
|
|
|
|
def create_access_token(user_id: int, username: str, role: str) -> str:
|
|
from config import settings
|
|
expire = datetime.now(timezone.utc) + timedelta(hours=settings.jwt_expire_hours)
|
|
payload = {
|
|
"sub": str(user_id),
|
|
"username": username,
|
|
"role": role,
|
|
"exp": expire,
|
|
}
|
|
return jwt.encode(payload, settings.secret_key, algorithm="HS256")
|
|
|
|
|
|
def decode_access_token(token: str) -> dict:
|
|
"""
|
|
Decode and validate JWT. Returns payload dict.
|
|
Raises JWTError on invalid/expired token.
|
|
"""
|
|
from config import settings
|
|
return jwt.decode(token, settings.secret_key, algorithms=["HS256"]) |