Version: 2.0.0
Date: 2025-11-10
```python
import asyncio

from cifra.auth import register, login


async def main():
    # Registration
    user = await register(
        email='user@example.com',
        password='SecurePass123!',
        name='John Doe'
    )
    # Login
    token = await login(
        email='user@example.com',
        password='SecurePass123!'
    )
    # → JWT token
    return token


asyncio.run(main())
```
```yaml
integrations:
  google_oauth:
    enabled: true
    client_id: ${GOOGLE_CLIENT_ID}
    client_secret: ${GOOGLE_CLIENT_SECRET}
  github_oauth:
    enabled: true
    client_id: ${GITHUB_CLIENT_ID}
```
```python
# Enable 2FA
qr_code = await enable_2fa(user_id)
# Verify 2FA
await verify_2fa(user_id, code='123456')
```
```yaml
permissions:
  roles:
    admin:
      - "*"
    manager:
      - contact:view
      - contact:create
      - contact:update
      - deal:*
    user:
      - contact:view_own
```
```yaml
permissions:
  rules:
    - name: Can edit own contacts
      effect: allow
      actions: [contact:update]
      conditions:
        contact.owner_id: "{{user.id}}"
```
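An added example, not cifra's own code: a minimal deny-by-default evaluator for the role grants and the ownership rule shown above. The function names and the matching semantics (glob wildcards in grants, `{{user.id}}` substitution, missing attributes never satisfying a condition) are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed from the permissions.roles and permissions.rules blocks on this page.
# Assumed semantics (not cifra's documented behaviour): glob wildcards, default deny.
ROLES = {
    "admin": ["*"],
    "manager": ["contact:view", "contact:create", "contact:update", "deal:*"],
    "user": ["contact:view_own"],
}

RULES = [{
    "name": "Can edit own contacts",
    "effect": "allow",
    "actions": ["contact:update"],
    "conditions": {"contact.owner_id": "{{user.id}}"},
}]


def resolve(path, context):
    """Look up a dotted path such as 'contact.owner_id'; None if absent."""
    value = context
    for key in path.split("."):
        if not isinstance(value, dict) or key not in value:
            return None
        value = value[key]
    return value


def expected_value(template, context):
    """Expand a '{{path}}' placeholder (assumed syntax) or return a literal."""
    if isinstance(template, str) and template.startswith("{{") and template.endswith("}}"):
        return resolve(template[2:-2].strip(), context)
    return template


def is_allowed(user, action, resource=None):
    """Deny by default; allow on a matching role grant or a satisfied rule."""
    if any(fnmatchcase(action, grant) for grant in ROLES.get(user.get("role"), [])):
        return True
    context = {"user": user, **(resource or {})}
    for rule in RULES:
        if rule["effect"] != "allow" or action not in rule["actions"]:
            continue
        pairs = [(resolve(k, context), expected_value(v, context))
                 for k, v in rule["conditions"].items()]
        # Fail closed: no conditions, or a missing attribute, never allows.
        if pairs and all(a is not None and a == b for a, b in pairs):
            return True
    return False
```

The `resource` argument is a dict keyed by resource type, for example `{"contact": {"owner_id": "u1"}}`.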
```sql
-- PostgreSQL RLS
CREATE POLICY contact_isolation ON contacts
    USING (owner_id = current_setting('app.user_id')::uuid);
```
- In Transit: TLS 1.3
- At Rest: AES-256
- Passwords: Argon2
```python
from cifra.crypto import hash_password, verify_password

# Hash password
hashed = hash_password('SecurePass123!')
# Verify
is_valid = verify_password('SecurePass123!', hashed)
```
| Threat | Protection | Status |
|---|---|---|
| A01: Broken Access Control | RBAC + ABAC + RLS | ✅ |
| A02: Cryptographic Failures | TLS 1.3, AES-256 | ✅ |
| A03: Injection | Parameterized queries | ✅ |
| A07: Auth Failures | OAuth2, 2FA | ✅ |
Next document: API_AND_INTEGRATION.md →