"""Handling of the local secret used for encrypted backups.

Separated out into its own module to avoid a circular dependency.
"""
from __future__ import annotations
import secrets
from selfprivacy_api.utils.redis_pool import RedisPool
# Redis key under which the local backup secret is stored; every
# LocalBackupSecret accessor reads, writes or deletes this one key.
REDIS_KEY = "backup:local_secret"
# Module-level connection used by all LocalBackupSecret methods. It is obtained
# when this module is imported, so importing the module calls into RedisPool.
redis = RedisPool().get_connection()
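class LocalBackupSecret:
    """Accessors for the backup encryption secret kept in Redis.

    The secret is generated on this machine and stored unmodified under
    ``REDIS_KEY``. It is the encryption key for backups, so replacing or
    deleting it presumably makes backups encrypted with the previous value
    unreadable -- confirm against the backup backend before calling
    ``reset()`` or ``_full_reset()``.
    """

    @staticmethod
    def get() -> str:
        """Return the secret string which backblaze/other clouds do not know.

        Serves as encryption key. A secret is generated and stored on first
        use if none exists yet.

        Raises:
            RuntimeError: if no secret can be read back after storing one.
        """
        secret = redis.get(REDIS_KEY)
        if secret is None:
            # nx=True stores the value only if the key is still absent, so two
            # callers racing on first use end up with the same secret instead
            # of the later one silently replacing the earlier one's key.
            redis.set(REDIS_KEY, LocalBackupSecret._generate(), nx=True)
            secret = redis.get(REDIS_KEY)
        if secret is None:
            # Never hand a missing value to callers as an encryption key.
            raise RuntimeError("local backup secret could not be stored in Redis")
        # NOTE(review): the value is a str only if the pooled connection
        # decodes responses; that setting is not visible here -- confirm.
        return secret  # type: ignore

    @staticmethod
    def set(secret: str):
        """Store ``secret`` as the backup secret, replacing any existing one."""
        redis.set(REDIS_KEY, secret)

    @staticmethod
    def reset():
        """Generate a fresh secret and store it over the current one."""
        new_secret = LocalBackupSecret._generate()
        LocalBackupSecret.set(new_secret)

    @staticmethod
    def _full_reset():
        """Delete the stored secret without generating a replacement."""
        redis.delete(REDIS_KEY)

    @staticmethod
    def exists() -> bool:
        """Return True if a secret is currently stored under ``REDIS_KEY``."""
        return redis.exists(REDIS_KEY) == 1

    @staticmethod
    def _generate() -> str:
        """Return a new URL-safe random secret built from 256 random bytes."""
        # secrets draws from the OS CSPRNG, which is what a key needs.
        return secrets.token_urlsafe(256)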