A hidden /admin path (not in nav) protected by a TOTP secret you enroll by scanning a QR into Google Authenticator / Authy, then entering the rotating 6-digit code. adminauth.py persists the secret + session key under DATA_DIR (gitignored); the QR only renders until first successful verification so the provisioning secret isn't perpetually exposed. SessionMiddleware carries a 60-min admin session. This becomes the secured control center the rest of the system gets built into. Verified end-to-end: gate renders QR, the live code authenticates and sets the session, the dashboard renders only with the session cookie, a wrong code is rejected, and an unauthenticated request never leaks the dashboard. Deps: pyotp, qrcode[pil], itsdangerous. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
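# Packaging, dependency and tooling configuration for the psyc package.
# The stray "|" lines left by the page rendering are removed here; they are not
# valid TOML and would stop the file from parsing.

[build-system]
requires = ["hatchling"]
build-backend = "hatchling.build"

[project]
name = "psyc"
version = "0.1.0"
description = "Defensive CTI routing & evidence-sealing platform"
requires-python = ">=3.10"
# Every requirement below is a lower bound only, so the versions actually
# installed change from one resolve to the next. For deployments, install from
# a lock file or hash-pinned constraints and audit the resolved set in CI.
dependencies = [
    "fastapi>=0.115",
    "uvicorn[standard]>=0.30",
    "jinja2>=3.1",
    # NOTE(review): this parser handles untrusted request bodies (presumably
    # including the admin code form; confirm). The floor is old; check the
    # project's advisories and raise it to a release that carries the fixes.
    "python-multipart>=0.0.9",
    "pydantic>=2.7",
    "httpx>=0.27",
    "typer>=0.12",
    # NOTE(review): presumably backs the evidence-sealing feature; confirm.
    "pynacl>=1.5",
    "structlog>=24.1",
    "sqlalchemy>=2.0",
    "python-dotenv>=1.0",
    # Admin gate: pyotp checks the TOTP code and qrcode[pil] renders the
    # enrollment QR. pyotp does not throttle attempts or reject a code that
    # was already accepted; both have to be enforced by the application.
    "pyotp>=2.9",
    "qrcode[pil]>=7.4",
    # Used by Starlette's SessionMiddleware to sign the session cookie. The
    # cookie is signed, not encrypted: keep only non-secret state in it, and
    # keep the persisted signing key and TOTP secret readable by the service
    # account only.
    "itsdangerous>=2.1",
]

[project.optional-dependencies]
dev = ["pytest>=8.0"]

[project.scripts]
# Console entry point: `psyc` runs the `app` object in psyc/cli.py.
psyc = "psyc.cli:app"

[tool.hatch.build.targets.wheel]
packages = ["src/psyc"]

[tool.pytest.ini_options]
testpaths = ["tests"]

[tool.ruff]
line-length = 120

[tool.ruff.lint]
# E/F = pycodestyle and pyflakes, I = isort, B = flake8-bugbear.
# NOTE(review): consider adding "S" (flake8-bandit) for a codebase that
# handles secrets and sessions; expect findings to triage on first run.
select = ["E", "F", "I", "B"]
# These UP rules are not in `select`, so the ignores only take effect if the
# "UP" (pyupgrade) set is enabled later.
ignore = ["UP006", "UP007", "UP035"]

[tool.ruff.lint.isort]
known-first-party = ["psyc"]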