39 lines
969 B
Python
39 lines
969 B
Python
import logging
|
|
|
|
from cryptography.fernet import Fernet, InvalidToken
|
|
|
|
from app.config import settings
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
_fernet: Fernet | None = None
|
|
|
|
|
|
def _get_fernet() -> Fernet | None:
|
|
global _fernet
|
|
if _fernet is not None:
|
|
return _fernet
|
|
if not settings.encryption_key:
|
|
logger.warning("ENCRYPTION_KEY nicht gesetzt — Passwörter werden im Klartext gespeichert!")
|
|
return None
|
|
_fernet = Fernet(settings.encryption_key.encode())
|
|
return _fernet
|
|
|
|
|
|
def encrypt(plaintext: str) -> str:
|
|
f = _get_fernet()
|
|
if f is None:
|
|
return plaintext
|
|
return f.encrypt(plaintext.encode()).decode()
|
|
|
|
|
|
def decrypt(ciphertext: str) -> str:
|
|
f = _get_fernet()
|
|
if f is None:
|
|
return ciphertext
|
|
try:
|
|
return f.decrypt(ciphertext.encode()).decode()
|
|
except InvalidToken:
|
|
# Might be unencrypted (e.g. from YAML import before encryption was set up)
|
|
return ciphertext
|