diff options
| author | Elrond <elrond+mediagoblin.org@samba-tng.org> | 2013-03-22 18:46:47 +0100 |
|---|---|---|
| committer | Elrond <elrond+mediagoblin.org@samba-tng.org> | 2013-03-22 18:46:47 +0100 |
| commit | 5907154a593bf5fc02c1e0fbc8afe683ac7d3602 (patch) | |
| tree | 1435060b06037c9735c8cbe02cb0601275b74b52 /mediagoblin/tools | |
| parent | 398d384137bce928592dd63c210126ab989ee69c (diff) | |
| download | mediagoblin-5907154a593bf5fc02c1e0fbc8afe683ac7d3602.tar.lz mediagoblin-5907154a593bf5fc02c1e0fbc8afe683ac7d3602.tar.xz mediagoblin-5907154a593bf5fc02c1e0fbc8afe683ac7d3602.zip | |
Basic itsdangerous infrastructure.
Implement the basic infrastructure for using itsdangerous
in mediagoblin. Usage instructions will follow.
Diffstat (limited to 'mediagoblin/tools')
| -rw-r--r-- | mediagoblin/tools/crypto.py | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/mediagoblin/tools/crypto.py b/mediagoblin/tools/crypto.py new file mode 100644 index 00000000..46752b55 --- /dev/null +++ b/mediagoblin/tools/crypto.py @@ -0,0 +1,55 @@ +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2013 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import os.path +import logging +import random +import itsdangerous +from mediagoblin import mg_globals + +_log = logging.getLogger(__name__) + + +# Use the system (hardware-based) random number generator if it exists. +# -- this optimization is lifted from Django +if hasattr(random, 'SystemRandom'): + getrandbits = random.SystemRandom().getrandbits +else: + getrandbits = random.getrandbits + + +__itsda_secret = None + + +def setup_crypto(): + global __itsda_secret + dir = mg_globals.app_config["crypto_path"] + if not os.path.isdir(dir): + _log.info("Creating %s", dir) + os.makedirs(dir) + name = os.path.join(dir, "itsdangeroussecret.bin") + if os.path.exists(name): + __itsda_secret = file(name, "r").read() + else: + __itsda_secret = str(getrandbits(192)) + file(name, "w").write(__itsda_secret) + _log.info("Created %s", name) + + +def get_timed_signer_url(namespace): + assert __itsda_secret is not None + return itsdangerous.URLSafeTimedSerializer(__itsda_secret, + salt=namespace) |