| 36 | |
| 37 | |
| 38 | def prepare_security_config(config: dict[str, Any]) -> SecurityConfigResult: |
| 39 | next_config = copy.deepcopy(config) |
| 40 | result = SecurityConfigResult(config=next_config) |
| 41 | |
| 42 | admin_token = str(next_config.get("admin_token") or "") |
| 43 | if not admin_token: |
| 44 | result.setup_required = True |
| 45 | elif verify_password(LEGACY_DEFAULT_ADMIN_TOKEN, admin_token): |
| 46 | next_config["admin_token"] = "" |
| 47 | result.setup_required = True |
| 48 | result.changed = True |
| 49 | elif not is_password_hashed(admin_token): |
| 50 | next_config["admin_token"] = hash_password(admin_token) |
| 51 | result.password_hashed = True |
| 52 | result.changed = True |
| 53 | |
| 54 | jwt_secret = next_config.get("jwt_secret") |
| 55 | if not is_valid_jwt_secret(jwt_secret): |
| 56 | next_config["jwt_secret"] = generate_jwt_secret() |
| 57 | result.jwt_secret_rotated = True |
| 58 | result.changed = True |
| 59 | |
| 60 | return result |