crypt

Application cryptography configuration

app.lib.crypt.get_encryption_key(secret: str) bytes[source]

Get Encryption Key.

Parameters:

secret (str) – Secret key used for encryption

Returns:

a URL safe encoded version of secret

Return type:

bytes

async app.lib.crypt.get_password_hash(password: str | bytes) str[source]

Get password hash.

Parameters:

password – Plain password

Returns:

Hashed password

Return type:

str

async app.lib.crypt.verify_password(plain_password: str | bytes, hashed_password: str) bool[source]

Verify Password.

Parameters:

  • plain_password (str | bytes) – The string or byte password

  • hashed_password (str) – the hash of the password

Returns:

True if password matches hash.

Return type:

bool

app.lib.crypt.generate_totp_secret() str[source]

Generate a new TOTP secret.

Returns:

A base32-encoded secret key for TOTP.

app.lib.crypt.verify_totp_code(secret: str, code: str) bool[source]

Verify a TOTP code.

Parameters:

  • secret – The user’s TOTP secret.

  • code – The 6-digit code to verify.

Returns:

True if the code is valid, False otherwise.

app.lib.crypt.get_totp_provisioning_uri(secret: str, email: str, issuer: str = 'Litestar App') str[source]

Get the provisioning URI for TOTP setup.

Parameters:

  • secret – The TOTP secret.

  • email – The user’s email address.

  • issuer – The application name.

Returns:

// URI for the authenticator app.

Return type:

The otpauth

async app.lib.crypt.generate_totp_qr_code(secret: str, email: str, issuer: str = 'Litestar App') bytes[source]

Generate a QR code image for TOTP setup.

Parameters:

  • secret – The TOTP secret.

  • email – The user’s email address.

  • issuer – The application name.

Returns:

PNG image data as bytes.

app.lib.crypt.generate_backup_codes(count: int = 8) list[str][source]

Generate recovery backup codes.

Parameters:

count – Number of backup codes to generate.

Returns:

List of backup codes (plaintext).

async app.lib.crypt.verify_backup_code(code: str, hashed_codes: list[str | None], *, raise_on_not_found: Literal[True]) int[source]
async app.lib.crypt.verify_backup_code(code: str, hashed_codes: list[str | None], *, raise_on_not_found: Literal[False] = False) int | None

Verify a backup code against the stored hashes.

Parameters:

  • code – The plaintext backup code to verify.

  • hashed_codes – List of hashed backup codes (None entries are skipped).

  • raise_on_not_found – If True, raise ValueError when code is not found.

Returns:

The index of the matching code if found, None otherwise (unless raise_on_not_found is True).

Raises:

ValueError – If raise_on_not_found is True and the code is not found.