Lloyd 7112da98c2 feat: Add authentication endpoints and JWT support
- Implemented JWT authentication with auto-generated secret if not provided.
- Added API token management functionality.
- Created authentication endpoints for login, token refresh, verification, and password change.
- Introduced API documentation endpoints for Swagger UI and OpenAPI spec.
- Enhanced CORS support for API and documentation endpoints.
- Updated OpenAPI specification to include new authentication and system endpoints.
2025-12-30 00:10:48 +00:00


import secrets
import hmac
import hashlib
from typing import Optional, List, Dict
import logging
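logger = logging.getLogger(__name__)


class APITokenManager:
    """Issue, verify, revoke and list API tokens through a storage handler.

    Only a keyed HMAC-SHA256 digest of each token is passed to the storage
    handler; the plaintext is returned once, by ``create_token``. The digest
    depends on ``secret_key``, so a digest computed under one key does not
    match a digest of the same token computed under another key.

    NOTE(review): if the caller regenerates the key on every start instead of
    persisting it, previously issued tokens would presumably stop verifying.
    Confirm how the key is supplied.
    """

    def __init__(self, sqlite_handler, secret_key: str):
        """Bind the manager to a storage handler and an HMAC key.

        Args:
            sqlite_handler: Object providing ``create_api_token``,
                ``verify_api_token``, ``revoke_api_token`` and
                ``list_api_tokens``.
            secret_key: Text key for the token HMAC; stored UTF-8 encoded.
                An empty key is accepted here, in which case the digest is
                effectively unkeyed, so callers should pass a real secret.
        """
        self.db = sqlite_handler
        self.secret_key = secret_key.encode('utf-8')

    def generate_api_token(self) -> str:
        """Return a new random token: 32 bytes from ``secrets``, hex-encoded."""
        return secrets.token_hex(32)

    def hash_token(self, token: str) -> str:
        """Return the hex HMAC-SHA256 of *token* under the manager's key."""
        mac = hmac.new(
            self.secret_key,
            token.encode('utf-8'),
            digestmod=hashlib.sha256,
        )
        return mac.hexdigest()

    def create_token(self, name: str) -> tuple[int, str]:
        """Create and store a token, returning ``(token_id, plaintext_token)``.

        The plaintext is not stored by this class, so the caller has to hand
        it to the user now; only its digest goes to the storage handler.
        """
        plaintext_token = self.generate_api_token()
        token_id = self.db.create_api_token(name, self.hash_token(plaintext_token))
        # %r escapes control characters, so a name containing CR/LF cannot
        # start a forged log line; ordinary names are logged as before.
        logger.info("Created API token %r with ID %s", name, token_id)
        return token_id, plaintext_token

    def verify_token(self, token: str) -> Optional[Dict]:
        """Look up *token* by its digest.

        Returns ``None`` for a missing or empty token without querying
        storage; otherwise returns whatever the storage handler returns for
        the digest (presumably the token record, or ``None`` when unknown).
        """
        if not token:
            return None
        return self.db.verify_api_token(self.hash_token(token))

    def revoke_token(self, token_id: int) -> bool:
        """Revoke the token with *token_id* and return the handler's result."""
        deleted = self.db.revoke_api_token(token_id)
        if deleted:
            logger.info("Revoked API token ID %s", token_id)
        return deleted

    def list_tokens(self) -> List[Dict]:
        """Return the token records reported by the storage handler."""
        return self.db.list_api_tokens()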