Ensure persistant HMAC keys, proper snapshot handling, and security

Susmita-Chakrabarty · Susmita-Chakrabarty · commit b5bf570211d0 · 2025-03-08T14:13:58.000-07:00
diff --git a/pydatastructs/graphs/graph.py b/pydatastructs/graphs/graph.py
@@ -10,17 +10,22 @@
 def rotate_secret_key():
     """ Automatically rotates secret key after 30 days """
     while True:
-        os.environ["HMAC_SECRET_KEY"] = secrets.token_hax(32)
+        os.environ["HMAC_SECRET_KEY"] = secrets.token_hex(32)
         time.sleep(30 * 24 * 60 * 60)
 def get_secret_key():
     """ Gets the HMAC secret key """ 
     secret_key = os.getenv("HMAC_SECRET_KEY")
     if secret_key is None:
-        raise RuntimeError("Secret key is missing!")    
-    return secret_key.encode()  
+        try:
+            with open("hmac_key.txt", "r") as f:
+                secret_key = f.read().strip()
+        except FileNotFoundError:
+            raise RuntimeError("Secret key is missing! Set HMAC_SECRET_KEY or create hmac_key.txt.")
+    return secret_key.encode()
+  
 def generate_hmac(data):
     """Generating HMAC signature for integrity verification"""
-    return hmac.new(get_secret_key(), data.encode(),hashlib.sha256).haxdigit()
+    return hmac.new(get_secret_key(), data.encode(),hashlib.sha256).hexdigit()
 def serialize_graph(graph):
     """Converts a graph into a string for HMAC signing."""
     if not graph.vertices or not graph.edge_weights:
@@ -222,3 +227,5 @@ def num_edges(self):
         """
         raise NotImplementedError(
             "This is an abstract method.")
+threading.Thread(target=rotate_secret_key, daemon=True).start()
+
