my-dev
/
uploader-bot
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
uploader-bot/app/core/_crypto/content.py

118 lines
4.2 KiB
Python
Raw Blame History

import os
from datetime import datetime
from hashlib import sha256
import aiofiles
from Crypto.Random import get_random_bytes
from base58 import b58encode
from app.core._config import UPLOADS_DIR
from app.core._crypto.cipher import AESCipher
from app.core.models.keys import KnownKey
from app.core.models.node_storage import StoredContent
from app.core.logger import make_log
async def create_new_encryption_key(db_session, user_id: int = None) -> KnownKey:
randpart = get_random_bytes(32)
new_seed = randpart
new_seed_str = b58encode(new_seed).decode()
new_seed_hash_bin = sha256(new_seed).digest()
new_seed_hash = b58encode(new_seed_hash_bin).decode()
public_key = get_random_bytes(32) # not used yet, algo is symmetric
public_key_str = b58encode(public_key).decode()
public_key_hash_bin = sha256(public_key).digest()
public_key_hash = b58encode(public_key_hash_bin).decode()
new_key = KnownKey(
type="CONTENT_ENCRYPTION_KEY",
seed=new_seed_str,
seed_hash=new_seed_hash,
public_key=public_key_str,
public_key_hash=public_key_hash,
algo="AES256",
meta={"I_user_id": user_id} if user_id else None,
created=datetime.now()
)
db_session.add(new_key)
db_session.commit()
new_key = db_session.query(KnownKey).filter(KnownKey.seed_hash == new_seed_hash).first()
assert new_key, "Key not created"
return new_key
async def create_encrypted_content(
db_session, decrypted_content: StoredContent,
) -> StoredContent:
encrypted_content = db_session.query(StoredContent).filter(
StoredContent.id == decrypted_content.id
).first()
if encrypted_content:
make_log("create_encrypted_content", f"(d={decrypted_content.cid.serialize_v2()}) => (e={encrypted_content.cid.serialize_v2()}): already exist (found by decrypted content)", level="debug")
return encrypted_content
encrypted_content = None
if decrypted_content.key is None:
key = await create_new_encryption_key(db_session, user_id=decrypted_content.user_id)
decrypted_content.key_id = key.id
db_session.commit()
decrypted_content = db_session.query(StoredContent).filter(
StoredContent.id == decrypted_content.id
).first()
assert decrypted_content.key_id, "Key not assigned"
decrypted_path = os.path.join(UPLOADS_DIR, decrypted_content.hash)
async with aiofiles.open(decrypted_path, mode='rb') as file:
decrypted_bin = await file.read()
key = decrypted_content.key
cipher = AESCipher(key.seed_bin)
encrypted_bin = cipher.encrypt(decrypted_bin)
encrypted_hash_bin = sha256(encrypted_bin).digest()
encrypted_hash = b58encode(encrypted_hash_bin).decode()
encrypted_content = db_session.query(StoredContent).filter(
StoredContent.hash == encrypted_hash
).first()
if encrypted_content:
make_log("create_encrypted_content", f"(d={decrypted_content.cid.serialize_v2()}) => (e={encrypted_content.cid.serialize_v2()}): already exist (found by encrypted_hash)", level="debug")
return encrypted_content
encrypted_content = None
encrypted_meta = decrypted_content.meta
encrypted_meta["encrypt_algo"] = "AES256"
encrypted_content = StoredContent(
type="local/content_bin",
hash=encrypted_hash,
onchain_index=None,
filename=decrypted_content.filename,
meta=encrypted_meta,
user_id=decrypted_content.user_id,
encrypted=True,
decrypted_content_id=decrypted_content.id,
key_id=decrypted_content.key_id,
created=datetime.now(),
)
db_session.add(encrypted_content)
db_session.commit()
encrypted_path = os.path.join(UPLOADS_DIR, encrypted_hash)
async with aiofiles.open(encrypted_path, mode='wb') as file:
await file.write(encrypted_bin)
encrypted_content = db_session.query(StoredContent).filter(
StoredContent.hash == encrypted_hash
).first()
assert encrypted_content, "Content not created"
make_log("create_encrypted_content", f"(d={decrypted_content.cid.serialize_v2()}) => (e={encrypted_content.cid.serialize_v2()}): created new content/bin", level="debug")
return encrypted_content
Reference in New Issue View Git Blame Copy Permalink