Initial commit: 000-platform project skeleton

2026-01-23 14:32:09 +08:00
commit daa8125c58
31 changed files with 1517 additions and 0 deletions
--- a/backend/app/services/crypto.py
+++ b/backend/app/services/crypto.py
@@ -0,0 +1,37 @@
+"""配置加密服务"""
+import base64
+from cryptography.fernet import Fernet
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+
+from ..config import get_settings
+
+settings = get_settings()
+
+
+def _get_fernet() -> Fernet:
+    """获取Fernet实例"""
+    # 使用PBKDF2从密钥派生32字节密钥
+    kdf = PBKDF2HMAC(
+        algorithm=hashes.SHA256(),
+        length=32,
+        salt=b'platform_salt_2026',
+        iterations=100000,
+    )
+    key = base64.urlsafe_b64encode(kdf.derive(settings.CONFIG_ENCRYPT_KEY.encode()))
+    return Fernet(key)
+
+
+def encrypt_value(value: str) -> str:
+    """加密配置值"""
+    f = _get_fernet()
+    encrypted = f.encrypt(value.encode())
+    return base64.urlsafe_b64encode(encrypted).decode()
+
+
+def decrypt_value(encrypted_value: str) -> str:
+    """解密配置值"""
+    f = _get_fernet()
+    encrypted = base64.urlsafe_b64decode(encrypted_value.encode())
+    decrypted = f.decrypt(encrypted)
+    return decrypted.decode()