Replace the `cryptography` library with `pycryptodome` for password encryption.

The previous implementation used AES-GCM with a static key derived from a
hardcoded secret. This change introduces a more robust security model by:

- Using PBKDF2 to derive the encryption key from the secret.
- Adding a unique, randomly generated salt for each encrypted password.

This significantly enhances security by protecting against rainbow table
and pre-computation attacks.

BREAKING CHANGE: The password encryption format has changed. All previously
encrypted passwords stored in the database are now invalid and will need
to be reset.

Replaces the `pyeasyencrypt` library with a more robust and standard
encryption implementation using `cryptography.hazmat`.

This commit introduces AES-256-GCM for encrypting and decrypting user
account passwords. The `add_account` endpoint now properly encrypts
passwords before database insertion.

Error handling has been added to the `get_user_accounts` endpoint to
manage decryption failures for legacy passwords, which will be returned
as "DECRYPTION_FAILED".

BREAKING CHANGE: The password encryption algorithm has been changed.
All previously stored passwords are now invalid and cannot be decrypted.
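
The scheme the two encryption commits above describe (a random salt per password, a PBKDF2-derived key, AES-256-GCM, and "DECRYPTION_FAILED" for records that no longer decrypt), as an added example that is not code from this repository. It uses `hashlib` and `cryptography`'s `AESGCM` rather than `pycryptodome`; the function names, blob layout, field sizes and iteration count are assumptions.

```python
import base64
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

SALT_LEN, NONCE_LEN, TAG_LEN, KEY_LEN = 16, 12, 16, 32  # assumed sizes
PBKDF2_ITERATIONS = 600_000  # assumed work factor; the commits do not state one
FAILED = "DECRYPTION_FAILED"  # marker named in the commit message


def derive_key(secret: bytes, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256: a fresh salt gives every record its own AES-256 key."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, PBKDF2_ITERATIONS, dklen=KEY_LEN)


def encrypt_password(secret: bytes, password: str) -> str:
    """Return base64(salt || nonce || ciphertext+tag) for storage in one column."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    sealed = AESGCM(derive_key(secret, salt)).encrypt(nonce, password.encode(), None)
    return base64.b64encode(salt + nonce + sealed).decode()


def decrypt_password(secret: bytes, stored: str) -> str:
    """Decrypt a stored value; legacy, malformed or tampered records give FAILED."""
    try:
        blob = base64.b64decode(stored, validate=True)
        if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:  # cannot hold a GCM tag
            return FAILED
        salt, nonce = blob[:SALT_LEN], blob[SALT_LEN:SALT_LEN + NONCE_LEN]
        sealed = blob[SALT_LEN + NONCE_LEN:]
        return AESGCM(derive_key(secret, salt)).decrypt(nonce, sealed, None).decode()
    except (InvalidTag, ValueError):  # bad tag, bad base64, or undecodable text
        return FAILED


if __name__ == "__main__":
    secret = b"constructed-app-secret"  # constructed sample value
    stored = encrypt_password(secret, "hunter2")
    print(stored, decrypt_password(secret, stored))
    print(decrypt_password(secret, "legacy-token!"))  # old-format record
```
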

This commit refactors the entire backend application into a more structured and maintainable Flask project. It introduces an application factory pattern, consolidates routes into a blueprint, and implements a robust authentication and database layer.

- Introduces a Flask application factory (`create_app` in `main.py`) for better organization and testability.
- Consolidates all API routes into a single blueprint (`routes/api.py`) for modularity.
- Implements a new basic authentication system using a decorator (`@requires_basic_auth`) to secure all endpoints.
- Refactors the database access layer with standardized query execution and connection handling.
- Adds new modules for core logic, including an account checker (`checker.py`) and user retrieval (`get_users.py`).
- Updates the VSCode launch configuration to support the new Flask application structure.

BREAKING CHANGE: The application has been completely restructured. The old `server.py` entry point is removed. The application should now be run via the app factory in `main.py`. All API endpoints now require basic authentication.