8000 GitHub - jpegleg/salsa_falcon: template for falcon asgi api with pycryptodome
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

jpegleg/salsa_falcon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

47 Commits
< 8000 /td>
src
src
 
 
.protean
.protean
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

salsa_falcon

A template for falcon asgi api with pycryptodome. All encryption software is from pycryptodome, and in regards to tls, uvicorn.

https://www.pycryptodome.org/en/latest/

https://www.uvicorn.org/

You can of course swap out pycryptodome and/or uvicorn for other components.

The template uses pycryptodome Salsa20 and reads the POST data as a stream.

The template outputs as serialized hex for ease of transport. If you need to optimize the network usage and speed, or because you want the raw plaintext/original in the decrypt api output, you can skip the hex encode there.

Example generating a 32 byte (256 bit) string manually:

cat /dev/urandom | head -n10 | xxd -p | tr -d '\n' | cut -c1-32

Example on_post function in Falcon:

    async def on_post(self, req, resp):
        """Handles POST requests for encryption."""
        datab = await req.stream.read()
        key = b'$my_32byte_keygoeshere'
        cipher = Salsa20.new(key)
        ciphertext = cipher.nonce + cipher.encrypt(datab)
        resp.text = binascii.hexlify(ciphertext)

And then we can set custom routes to different classes etc.

The template has 4 routes, two sets of encrypt and decrypt methods, serialized hex format or raw data.

Here we are changing the decrypt route to a differing URI context, something you may want in some situations.

encrypt = SalfalXResource()
decrypt = SalfalDResource()
app.add_route('/api/encrypt/0', encrypt)
app.add_route('/api/decrypt/c6fbe4491f2011cc1d5', decrypt)

example client requests with cURL

send in some text to a remote salsa falcon over https

curl -X POST --data 'what up, encrypt this real quick' https://myremotefalconservice:8000/api/encrypt/0

Using "time" to measure the time for the cURL, and some more verbose cURL options, non-https local listener

Note that both --data-binary and --data are supported.

send in the data file to be encrypted and write out

time curl --request POST  --data-binary '@anything.dat' http://localhost:8000/api/encrypt/0 -o anything.dat.asc

send in the data file to be decrypted

time curl -X POST --data-binary '@anything.dat.asc' http://localhost:8000/api/decrypt/0 -o anything.dat

send in the data file and overwrite it with the encrypted version

time curl -X POST  --data-binary '@anything.dat' http://localhost:8000/api/encrypt/0 -o anything.dat

use text in arg instead of file as input

time curl -X POST  --data-binary 'I am encrypting this message.' http://localhost:8000/api/encrypt/0 -o encryptedinput.asc

write to raw binary by calling that URI context route

time curl -X POST  --data-binary 'I am encrypting this message.' http://localhost:8000/api/encrypt/1 -o encryptedinput.asc

decrypt from input and print out plaintext instead of writing it to a file

time curl -X POST  --data-binary '73ceea5c2c2c67f359c2896815d452bf413565a9d13d0736cc54aff6bb71e3bb5377f16fe213' http://localhost:8000/api/decrypt/0 | xxd -r -p

If you use this template, you probably want to implement TLS with it as well:

TLS with uvicorn

uvicorn salsa_falcon:app --log-level=trace --host=0.0.0.0 --port=8000 --ssl-certfile /etc/cert.pem --ssl-keyfile /etc/key.pem

https://pypi.org/project/falcon-require-https/

Add more routes, auth, storage, and any middleware easily with Falcon.

https://falconframework.org/

Also see yaml_dip, a salsa_falcon client template

https://github.com/jpegleg/yaml_dip

About

template for falcon asgi api with pycryptodome

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages
0