feat: enhance security with bcrypt for password hashing and verification; add get_table method to Data API client; increase video description length limit

pmcfadin · pmcfadin · commit f07ecfc195a3 · 2025-12-01T14:35:06.000-08:00
diff --git a/app/core/security.py b/app/core/security.py
@@ -1,14 +1,12 @@
 from datetime import datetime, timedelta, timezone
 from typing import Union, Optional, List, Any
 
-from passlib.context import CryptContext
+import bcrypt
 from jose import jwt
 from pydantic import BaseModel
 
 from app.core.config import settings
 
-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
-
 
 class TokenPayload(BaseModel):
     sub: Optional[Union[str, Any]] = None
@@ -17,11 +15,13 @@ class TokenPayload(BaseModel):
 
 
 def verify_password(plain_password: str, hashed_password: str) -> bool:
-    return pwd_context.verify(plain_password, hashed_password)
+    password_bytes = plain_password.encode("utf-8")[:72]
+    return bcrypt.checkpw(password_bytes, hashed_password.encode("utf-8"))
 
 
 def get_password_hash(password: str) -> str:
-    return pwd_context.hash(password)
+    password_bytes = password.encode("utf-8")[:72]
+    return bcrypt.hashpw(password_bytes, bcrypt.gensalt()).decode("utf-8")
 
 
 def create_access_token(
diff --git a/app/db/astra_client.py b/app/db/astra_client.py
@@ -85,6 +85,10 @@ def __init__(self, *, api_endpoint: str, token: str, namespace: str):
             def collection(self, table_name: str):  # type: ignore
                 return self._db.get_collection(table_name)
 
+            def get_table(self, table_name: str):  # type: ignore
+                """Get a table (for working with CQL tables via Data API)."""
+                return self._db.get_table(table_name)
+
             async def create_collection(self, name: str, **kwargs):  # noqa: D401
                 """Proxy to the underlying AsyncDatabase.create_collection."""
                 return await self._db.create_collection(name, **kwargs)
diff --git a/app/models/video.py b/app/models/video.py
@@ -42,7 +42,7 @@ class VideoBase(BaseModel):
     model_config = ConfigDict(populate_by_name=True)
 
     name: str = Field(..., min_length=3, max_length=100, alias="title")
-    description: Optional[str] = Field(default=None, max_length=1000)
+    description: Optional[str] = Field(default=None, max_length=2000)
     tags: List[str] = Field(default_factory=list)
 
 
@@ -108,7 +108,7 @@ class VideoUpdateRequest(BaseModel):
     name: Optional[str] = Field(
         default=None, min_length=3, max_length=100, alias="title"
     )
-    description: Optional[str] = Field(default=None, max_length=1000)
+    description: Optional[str] = Field(default=None, max_length=2000)
     tags: Optional[List[str]] = None
 
 
