| """ | |
| Security and compliance utilities. | |
| This module provides a unified interface for security features | |
| including audit logging, GDPR compliance, and encryption. | |
| Usage: | |
| from security import ( | |
| audit_logger, AuditAction, | |
| gdpr_service, ConsentType, | |
| field_encryption | |
| ) | |
| """ | |
| from .audit import ( | |
| AuditLogger, | |
| AuditAction, | |
| AuditEntry, | |
| audit_logger, | |
| log_login_success, | |
| log_login_failure, | |
| log_data_access, | |
| log_data_modification, | |
| log_security_event, | |
| SENSITIVE_FIELDS | |
| ) | |
| from .gdpr import ( | |
| GDPRService, | |
| ConsentType, | |
| DataCategory, | |
| DeletionStatus, | |
| ExportStatus, | |
| Consent, | |
| DeletionRequest, | |
| ExportRequest, | |
| gdpr_service, | |
| consent_required | |
| ) | |
| from .encryption import ( | |
| FieldEncryption, | |
| EncryptedValue, | |
| EncryptionError, | |
| DecryptionError, | |
| EncryptionNotConfigured, | |
| field_encryption, | |
| encrypt_sensitive_fields, | |
| decrypt_sensitive_fields, | |
| generate_encryption_key, | |
| mask_sensitive_value, | |
| ENCRYPTED_FIELDS | |
| ) | |
# Public API of the package: every name listed here is imported above from
# .audit, .gdpr or .encryption and re-exported unchanged.
__all__ = [
    # Audit logging (from .audit)
    "AuditLogger",
    "AuditAction",
    "AuditEntry",
    "audit_logger",
    "log_login_success",
    "log_login_failure",
    "log_data_access",
    "log_data_modification",
    "log_security_event",
    "SENSITIVE_FIELDS",
    # GDPR compliance (from .gdpr)
    "GDPRService",
    "ConsentType",
    "DataCategory",
    "DeletionStatus",
    "ExportStatus",
    "Consent",
    "DeletionRequest",
    "ExportRequest",
    "gdpr_service",
    "consent_required",
    # Field encryption (from .encryption)
    "FieldEncryption",
    "EncryptedValue",
    "EncryptionError",
    "DecryptionError",
    "EncryptionNotConfigured",
    "field_encryption",
    "encrypt_sensitive_fields",
    "decrypt_sensitive_fields",
    "generate_encryption_key",
    "mask_sensitive_value",
    "ENCRYPTED_FIELDS",
]
def get_security_stats() -> dict:
    """Return one dict combining audit, GDPR and encryption status.

    Returns:
        A dict with three keys: ``"audit"`` (``audit_logger.stats``),
        ``"gdpr"`` (``gdpr_service.stats``) and ``"encryption"``, which
        holds ``"configured"`` (``field_encryption.is_configured``) and
        ``"encrypted_tables"`` (the keys of ``ENCRYPTED_FIELDS`` as a list).
    """
    # NOTE(review): the result reveals whether encryption is configured and
    # lists the ENCRYPTED_FIELDS keys (presumably the tables that hold
    # encrypted columns). If a caller serves this over an API, restrict it to
    # authorised operators.
    audit_stats = audit_logger.stats
    gdpr_stats = gdpr_service.stats
    encryption_stats = {
        "configured": field_encryption.is_configured,
        "encrypted_tables": list(ENCRYPTED_FIELDS.keys()),
    }
    return {
        "audit": audit_stats,
        "gdpr": gdpr_stats,
        "encryption": encryption_stats,
    }
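def initialize_security(db=None) -> None:
    """Attach a database to the audit logger and the GDPR service.

    Args:
        db: Database instance for persistent storage. When it is ``None``
            (the default) neither service is given a database.
    """
    # Compare against None instead of testing truthiness: a database handle
    # may define __bool__ or __len__ (an empty store is falsy, and some
    # drivers raise on bool()), and `if db:` would then skip wiring persistent
    # storage for the audit log without any error.
    # NOTE(review): what the services do without a database is not visible
    # here; presumably records stay in memory only. Confirm, since audit
    # entries that are never persisted are lost on restart.
    if db is None:
        return
    audit_logger.set_database(db)
    gdpr_service.set_database(db)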
# Security checklist for compliance.
#
# NOTE(review): every value below is a hard-coded declaration. Nothing in this
# module checks it against the running configuration; for example
# "encryption_at_rest" is stated here regardless of what
# field_encryption.is_configured reports at runtime. Treat the checklist as a
# statement of intended controls and verify each item against the deployment
# before citing it as compliance evidence.
SECURITY_CHECKLIST = {
    # How users prove their identity.
    "authentication": {
        "password_hashing": "bcrypt with salt",
        "session_management": "JWT with short expiry",
        "2fa": "TOTP-based",
        "brute_force_protection": "Rate limiting",
    },
    # What an authenticated user may do.
    "authorization": {
        "model": "RBAC",
        "admin_separation": True,
        "principle_of_least_privilege": True,
    },
    # Confidentiality of stored and transmitted data.
    "data_protection": {
        "encryption_at_rest": "Field-level AES-256",
        "encryption_in_transit": "TLS 1.3",
        "data_classification": True,
        "backup_encryption": True,
    },
    # Audit trail properties.
    "audit_compliance": {
        "audit_logging": True,
        "log_retention": "7 years",
        "tamper_protection": "Append-only logs",
    },
    # Data-subject rights.
    "gdpr_compliance": {
        "consent_management": True,
        "data_export": True,
        "data_deletion": True,
        "privacy_policy": True,
    },
    # HTTP response headers.
    "security_headers": {
        "hsts": True,
        "csp": True,
        "x_frame_options": "DENY",
        "x_content_type_options": "nosniff",
    },
}