Security and data protection guidelines for RawDrive. Use when implementing authentication, handling user data, validating inputs, or reviewing security-sensitive code.
| Purpose | Location |
|---|---|
| Auth middleware | backend/src/app/middleware/auth.py |
| JWT utilities | backend/src/app/core/security.py |
| Dependencies | backend/src/app/api/dependencies.py |
| Encryption | backend/src/app/services/encryption_service.py |
| Audit logging | backend/src/app/services/audit_service.py |
CloudFlare WAF/DDoS → nginx (TLS 1.3) → Rate Limiting
→ JWT Authentication → RBAC Authorization
→ Workspace Isolation → Encrypted Storage
# backend/src/app/core/security.py
ACCESS_TOKEN_EXPIRE = timedelta(minutes=15)
REFRESH_TOKEN_EXPIRE = timedelta(days=7)
def create_tokens(user: User) -> TokenPair:
access_token = jwt.encode(
{
"sub": str(user.id),
"workspace_id": str(user.workspace_id),
"exp": datetime.utcnow() + ACCESS_TOKEN_EXPIRE,
},
settings.JWT_SECRET, # From env, NEVER hardcode
algorithm="HS256"
)
# ... refresh token similar
return TokenPair(access_token=access_token, refresh_token=refresh_token)
from argon2 import PasswordHasher
ph = PasswordHasher()
# Hash password (Argon2id)
hashed = ph.hash(password)
# Verify password