Spaces:
Sleeping
Sleeping
File size: 7,429 Bytes
fb1b04a 0cc6cea fb1b04a 0cc6cea fb1b04a |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 |
import os
import sqlite3
import secrets
import hashlib
import spaces
import time
from argon2 import PasswordHasher
from cryptography.fernet import Fernet
from transformers import AutoTokenizer, AutoModel
import torch
import numpy as np
# Initialize global variables
TOKEN = os.getenv("HF_TOKEN")
MODEL_NAME = os.getenv("SECRET_M")
ADMIN_USERNAME = os.getenv("ADMIN_USERNAME")
ADMIN_PASSWORD = os.getenv("ADMIN_PASSWORD")
tokenizer = None
model = None
# Initialize Argon2 hasher and Fernet cipher
ph = PasswordHasher()
cipher_key = Fernet.generate_key()
cipher = Fernet(cipher_key)
def get_db_connection():
conn = sqlite3.connect('database/grimvault.db')
conn.row_factory = sqlite3.Row
return conn
def create_tables(conn):
c = conn.cursor()
c.execute('''CREATE TABLE IF NOT EXISTS users
(username TEXT PRIMARY KEY, password_hash TEXT, embedding_hash TEXT,
salt TEXT, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP)''')
c.execute('''CREATE TABLE IF NOT EXISTS files
(id INTEGER PRIMARY KEY, username TEXT, filename TEXT,
content BLOB, size INTEGER, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP)''')
conn.commit()
@spaces.GPU
def get_embedding(text):
global tokenizer, model
if tokenizer is None or model is None:
tokenizer = AutoTokenizer.from_pretrained(MODEL_NAME)
model = AutoModel.from_pretrained(MODEL_NAME, torch_dtype=torch.float16)
if tokenizer.pad_token is None:
tokenizer.pad_token = tokenizer.eos_token
model.resize_token_embeddings(len(tokenizer))
inputs = tokenizer(text, return_tensors="pt", padding=True, truncation=True, max_length=512)
with torch.no_grad():
outputs = model(**inputs)
return outputs.last_hidden_state.mean(dim=1).squeeze().numpy()
def hash_embedding(embedding, salt):
salted_embedding = np.concatenate([embedding, np.frombuffer(salt, dtype=np.float32)])
return hashlib.sha256(salted_embedding.tobytes()).hexdigest()
def create_user(username, password):
conn = get_db_connection()
c = conn.cursor()
# Check if username already exists
c.execute("SELECT * FROM users WHERE username = ?", (username,))
if c.fetchone():
conn.close()
return "Username already exists."
# Generate salt and create password hash
salt = secrets.token_bytes(16)
password_hash = ph.hash(password + salt.hex())
# Generate embedding and hash it
embedding = get_embedding(password)
embedding_hash = hash_embedding(embedding, salt)
# Store user data
c.execute("INSERT INTO users (username, password_hash, embedding_hash, salt) VALUES (?, ?, ?, ?)",
(username, password_hash, embedding_hash, salt))
conn.commit()
conn.close()
return "User created successfully."
def verify_user(username, password):
conn = get_db_connection()
c = conn.cursor()
c.execute("SELECT * FROM users WHERE username = ?", (username,))
user = c.fetchone()
conn.close()
if not user:
return False
try:
# Verify password
ph.verify(user['password_hash'], password + user['salt'].hex())
# Verify embedding
embedding = get_embedding(password)
embedding_hash = hash_embedding(embedding, user['salt'])
if embedding_hash != user['embedding_hash']:
return False
return True
except:
return False
def get_user_files(username):
conn = get_db_connection()
c = conn.cursor()
c.execute("SELECT filename, size FROM files WHERE username = ?", (username,))
files = c.fetchall()
conn.close()
return files
def upload_file(username, filename, content):
conn = get_db_connection()
c = conn.cursor()
# Check if file already exists
c.execute("SELECT * FROM files WHERE username = ? AND filename = ?", (username, filename))
if c.fetchone():
conn.close()
return f"File {filename} already exists."
# Insert file data
c.execute("INSERT INTO files (username, filename, content, size) VALUES (?, ?, ?, ?)",
(username, filename, content, len(content)))
conn.commit()
conn.close()
return f"File {filename} uploaded successfully."
def download_file(username, filename):
conn = get_db_connection()
c = conn.cursor()
c.execute("SELECT content FROM files WHERE username = ? AND filename = ?", (username, filename))
file = c.fetchone()
conn.close()
if file:
return file['content']
else:
return None
def delete_file(username, filename):
conn = get_db_connection()
c = conn.cursor()
c.execute("DELETE FROM files WHERE username = ? AND filename = ?", (username, filename))
if c.rowcount == 0:
conn.close()
return f"File {filename} not found."
conn.commit()
conn.close()
return f"File {filename} deleted successfully."
def empty_vault(username):
conn = get_db_connection()
c = conn.cursor()
c.execute("DELETE FROM files WHERE username = ?", (username,))
conn.commit()
conn.close()
return "All files in your vault have been deleted."
def is_admin(username):
return username == ADMIN_USERNAME
def get_all_accounts():
conn = get_db_connection()
c = conn.cursor()
c.execute("SELECT username, created_at FROM users")
accounts = c.fetchall()
conn.close()
return accounts
def delete_account(username):
if username == ADMIN_USERNAME:
return "Cannot delete admin account."
conn = get_db_connection()
c = conn.cursor()
c.execute("DELETE FROM users WHERE username = ?", (username,))
c.execute("DELETE FROM files WHERE username = ?", (username,))
conn.commit()
conn.close()
return f"Account {username} and all associated files have been deleted."
def encrypt_file(filename, content):
return cipher.encrypt(content)
def decrypt_file(filename, encrypted_content):
return cipher.decrypt(encrypted_content)
# Rate limiting
RATE_LIMIT = 5 # maximum number of requests per minute
rate_limit_dict = {}
def is_rate_limited(username):
current_time = time.time()
if username in rate_limit_dict:
last_request_time, count = rate_limit_dict[username]
if current_time - last_request_time < 60: # within 1 minute
if count >= RATE_LIMIT:
return True
rate_limit_dict[username] = (last_request_time, count + 1)
else:
rate_limit_dict[username] = (current_time, 1)
else:
rate_limit_dict[username] = (current_time, 1)
return False
# Account lockout
MAX_LOGIN_ATTEMPTS = 5
LOCKOUT_TIME = 300 # 5 minutes
lockout_dict = {}
def is_account_locked(username):
if username in lockout_dict:
attempts, lockout_time = lockout_dict[username]
if attempts >= MAX_LOGIN_ATTEMPTS:
if time.time() - lockout_time < LOCKOUT_TIME:
return True
else:
del lockout_dict[username]
return False
def record_login_attempt(username, success):
if username not in lockout_dict:
lockout_dict[username] = [0, 0]
if success:
del lockout_dict[username]
else:
lockout_dict[username][0] += 1
lockout_dict[username][1] = time.time() |