Plan sect.5: parola RAR vine per-cerere, stocata CRIPTATA in submission pana la primul login reusit pe cont, apoi stearsa; JWT 30h acopera restul. - app/crypto.py: Fernet, cheie din AUTOPASS_creds_key (nesetata -> efemera la runtime, creds nu supravietuiesc restartului). encrypt/decrypt_creds. - schema + migrare: submissions.rar_creds_enc (creds criptate). - ingestie: cripteaza rar_credentials, le lipeste de fiecare submission nou. Niciodata in clar in DB. - worker: AccountSessions (login per-cont cu creds decriptate, cache JWT in memorie, sterge creds-urile contului dupa primul login + refresh nomenclator). 401 creds gresite -> error fara retry; token expirat -> invalidare + requeue; fara creds (restart) -> requeue "indisponibile" (ROAAUTO re-trimite). claim_one intoarce account_id + creds_enc; recover_orphans filtrabil pe cont. - requirements: cryptography==46.0.5. Nota: refresh nomenclator e acum lazy la primul login per-cont (nu la pornire); seed-ul fallback acopera editorul offline. 10 teste noi (tests/test_creds_delivery.py). 95 pass total. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
17 lines
584 B
Plaintext
17 lines
584 B
Plaintext
# Gateway RAR AUTOPASS — dependinte runtime
|
|
# Versiuni aliniate la ce e instalat in container (2026-06-15).
|
|
fastapi==0.115.0
|
|
uvicorn[standard]==0.30.0
|
|
httpx==0.27.*
|
|
jinja2==3.1.*
|
|
pydantic==2.8.2
|
|
pydantic-settings==2.*
|
|
python-multipart==0.0.*
|
|
# Fuzzy lookup pentru editorul de mapari operatii (app/mapping.py). Pur Python/C, fara build extern.
|
|
rapidfuzz==3.14.5
|
|
# Criptare creds RAR efemere in submissions (app/crypto.py, Fernet). Zero-storage at rest.
|
|
cryptography==46.0.5
|
|
|
|
# Migrare DBF (tools/import_dbf.py). Necesar doar pentru import optional, nu pentru runtime.
|
|
dbfread==2.0.7
|