backend-api/src/validator.py
Florian 582cc0d9b9
Checking if a valid token has been supplied from the app, only works with Android tokens
2025-10-09 16:31:37 +02:00


from argon2 import PasswordHasher
import re
def is_valid_platform(platform) -> bool:
    """Return True only when *platform* is one of the supported client names.

    The comparison is an exact, case-sensitive match against "ios",
    "android" and "web"; any other value (including non-strings) is rejected.
    """
    supported = ("ios", "android", "web")
    return platform in supported
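def is_valid_token(token: str) -> bool:
    """
    Validate a push notification token.

    Criteria:
    - Must be a string
    - Length between 140 and 200 characters, inclusive
    - Only safe characters (ASCII alphanumeric, dash, underscore)

    Returns True when all three criteria hold, False otherwise. This is a
    format check only; it does not prove the token was issued by a push
    provider.
    """
    if not isinstance(token, str):
        return False
    if not (140 <= len(token) <= 200):
        return False
    # fullmatch rather than match(r'^...$'): `$` also matches just before a
    # trailing newline, so a token of 139 valid characters plus "\n" used to
    # pass and carry a line break into whatever consumes the token next.
    return re.fullmatch(r'[A-Za-z0-9\-_]+', token) is not None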
# Module-level Argon2 hasher shared by hash_api_key() and verify_api_key().
# Built with no arguments, so the cost parameters are the library defaults.
ph = PasswordHasher()
def hash_api_key(api_key: str) -> str:
    """Hash *api_key* with the module-level PasswordHasher and return the result.

    The returned string is what should be persisted; the plaintext key is
    not kept by this function.
    """
    encoded = ph.hash(api_key)
    return encoded
def verify_api_key(api_key: str, hashed: str) -> bool:
    """Check *api_key* against a stored hash, failing closed on any error.

    Returns the result of ``ph.verify(hashed, api_key)`` when it completes,
    and False whenever that call raises.
    """
    try:
        outcome = ph.verify(hashed, api_key)
    except Exception:
        # Fail closed: every exception is treated as "key rejected".
        # NOTE(review): this also hides a malformed stored hash or a
        # wrong-type argument behind the same False; consider catching the
        # hasher's verification errors specifically and logging the rest.
        return False
    return outcome
if __name__ == "__main__":
    # Manual smoke test: verify a sample key against a pre-computed hash.
    # Both values are demo fixtures; a real API key must never be hard-coded.
    plain_key = "super-secret-api-key"
    # To generate a fresh hash instead of using the stored sample:
    # hashed_key = hash_api_key(plain_key)
    hashed_key = (
        '$argon2id$v=19$m=65536,t=3,p=4$vqU+MRafVW1b8AtF+zHb0w'
        '$p1J4Gyb0jhlVtKgYyjTITxfU97YaayeS3s3qFFP5sVM'
    )
    print("Hashed API Key:", hashed_key)
    verified = verify_api_key(plain_key, hashed_key)
    print("Verification:", verified)