  • __init__.py 1.46 KiB
    """Utilities."""
    
    import base64
    
    import argon2
    import flask
    
    # Public names exported by a star-import of this module.
    __all__ = ["get_ip_hash"]
    
    def get_ip_hash() -> str:
    	r"""Return a base64-encoded Argon2id digest of the current request's address.

    	The input is ``flask.request.remote_addr``. The app's
    	``IDENTIFIER_HASH_PEPPER`` config value is passed to Argon2 as the salt, so
    	the same address always produces the same hash while the pepper and the
    	cost settings stay unchanged. The cost settings are read from the
    	``IDENTIFIER_HASH_TIME_COST``, ``IDENTIFIER_HASH_MEMORY_COST`` and
    	``IDENTIFIER_HASH_PARALLELISM`` config keys.

    	Only the raw 32-byte digest is encoded (44 base64 characters). The
    	parameter header of the usual encoded Argon2 form is left out to save
    	storage, because every hash uses Argon2id with the same parameters.

    	:returns: The base64 text of the raw digest.

    	.. note::
    		A shared pepper in place of a per-row random salt is a deliberate
    		trade-off: the hash is used to find existing rows (for example, guests
    		with the same IP address), and that lookup is only fast when the hash is
    		deterministic.

    	.. note::
    		The pepper is a separate config value, so the app's secret key is never
    		used as hashing input.

    	.. warning::
    		The set of possible IP addresses is small (about 2^32 for IPv4), so the
    		privacy of stored hashes depends on the pepper staying secret. Treat it
    		like any other credential. Changing the pepper or any cost setting
    		changes every hash, so existing rows will no longer match.

    	.. warning::
    		Argon2 rejects salts shorter than 8 bytes, so the pepper must be at
    		least that long. ``remote_addr`` may be ``None`` when the server gives
    		no client address, in which case ``.encode`` raises ``AttributeError``.
    		Behind a reverse proxy ``remote_addr`` is presumably the proxy's
    		address unless forwarded headers are trusted (e.g. Werkzeug's
    		``ProxyFix``), which would give every guest the same hash - verify
    		against the deployment.

    	.. seealso::
    		`Wikipedia - Pepper (cryptography), on Wikiless
    		<https://wikiless.org/wiki/Pepper_(cryptography)>`_
    	"""

    	address = flask.request.remote_addr.encode("utf-8")
    	settings = flask.current_app.config

    	# The pepper fills the salt argument: a fixed salt keeps the digest
    	# deterministic per address, which the row lookup relies on.
    	digest = argon2.low_level.hash_secret_raw(
    		address,
    		salt=settings["IDENTIFIER_HASH_PEPPER"].encode("utf-8"),
    		time_cost=settings["IDENTIFIER_HASH_TIME_COST"],
    		memory_cost=settings["IDENTIFIER_HASH_MEMORY_COST"],
    		parallelism=settings["IDENTIFIER_HASH_PARALLELISM"],
    		hash_len=32,
    		type=argon2.low_level.Type.ID
    	)

    	return base64.b64encode(digest).decode("utf-8")