fernet client management

Author: TimilsinaBimal

Dockerfile

@@ -1,28 +1,26 @@
-# Use Python 3.11 slim image as base
 FROM python:3.11-slim
 
-# Set working directory
 WORKDIR /app
 
-# Set environment variables
-ENV PYTHONDONTWRITEBYTECODE=1 \
-    PYTHONUNBUFFERED=1 \
-    PIP_NO_CACHE_DIR=1 \
-    PIP_DISABLE_PIP_VERSION_CHECK=1
-
 # Install system dependencies
 RUN apt-get update && apt-get install -y \
-    gcc \
+    gcc curl ca-certificates\
     && rm -rf /var/lib/apt/lists/*
 
-# Copy requirements first for better caching
-COPY requirements.txt .
+# Download the latest installer
+ADD https://astral.sh/uv/install.sh /uv-installer.sh
+
+# Run the installer then remove it
+RUN sh /uv-installer.sh && rm /uv-installer.sh
 
-# Install Python dependencies
-RUN pip install --no-cache-dir -r requirements.txt
+# Ensure the installed binary is on the `PATH`
+ENV PATH="/root/.local/bin/:$PATH"
 
 COPY app/ ./app/
 COPY main.py .
 COPY pyproject.toml .
+COPY uv.lock .
+
+RUN uv sync --locked
 
-ENTRYPOINT ["python", "main.py"]
+ENTRYPOINT ["uv", "run", "main.py"]

app/services/token_store.py

@@ -21,7 +21,6 @@ class TokenStore:
 
     def __init__(self) -> None:
         self._client: redis.Redis | None = None
-        self._cipher: Fernet | None = None
         # Cache decrypted payloads for 1 day (86400s) to reduce Redis hits
         # Max size 5000 allows many active users without eviction
         self._payload_cache: TTLCache = TTLCache(maxsize=5000, ttl=86400)
@@ -42,25 +41,24 @@ def _ensure_secure_salt(self) -> None:
             )
 
     def _get_cipher(self) -> Fernet:
-        """Get or create Fernet cipher instance based on TOKEN_SALT."""
         salt = b"x7FDf9kypzQ1LmR32b8hWv49sKq2Pd8T"
-        if self._cipher is None:
-            kdf = PBKDF2HMAC(
-                algorithm=hashes.SHA256(),
-                length=32,
-                salt=salt,
-                iterations=200_000,
-            )
+        kdf = PBKDF2HMAC(
+            algorithm=hashes.SHA256(),
+            length=32,
+            salt=salt,
+            iterations=200_000,
+        )
 
-            key = base64.urlsafe_b64encode(kdf.derive(settings.TOKEN_SALT.encode("utf-8")))
-            self._cipher = Fernet(key)
-        return self._cipher
+        key = base64.urlsafe_b64encode(kdf.derive(settings.TOKEN_SALT.encode("utf-8")))
+        return Fernet(key)
 
     def encrypt_token(self, token: str) -> str:
-        return self._cipher.encrypt(token.encode("utf-8")).decode("utf-8")
+        cipher = self._get_cipher()
+        return cipher.encrypt(token.encode("utf-8")).decode("utf-8")
 
     def decrypt_token(self, enc: str) -> str:
-        return self._cipher.decrypt(enc.encode("utf-8")).decode("utf-8")
+        cipher = self._get_cipher()
+        return cipher.decrypt(enc.encode("utf-8")).decode("utf-8")
 
     async def _get_client(self) -> redis.Redis:
         if self._client is None: