Fix security vulnerabilities. Add logging

src/routers/keypasses.py

@@ -1,7 +1,7 @@
 import json
 import secrets
 import string
-from datetime import datetime
+from datetime import datetime, timezone
 from typing import Optional
 
 from fastapi import APIRouter, Depends, HTTPException
@@ -38,7 +38,7 @@ async def create_keypass(
     kp = Keypass(
         code=code,
         description=req.description,
-        created_at=datetime.utcnow(),
+        created_at=datetime.now(timezone.utc),
         expires_at=req.expires_at,
         revoked=False,
         allowed_gates=json.dumps(req.gate_ids) if req.gate_ids else None,
@@ -80,10 +80,10 @@ async def revoke_keypass(
     kp: Optional[Keypass] = db.query(Keypass).filter(Keypass.id == kp_id).first()
     if not kp:
         raise HTTPException(404, "Keypass not found")
-    if kp.expires_at is not None and kp.expires_at < datetime.utcnow():
+    if kp.expires_at is not None and kp.expires_at < datetime.now(timezone.utc):
         raise HTTPException(409, "Expired keypasses cannot be revoked")
     if kp.revoked:
         raise HTTPException(409, "Keypass is already revoked")
     kp.revoked = True
-    kp.revoked_at = datetime.utcnow()
+    kp.revoked_at = datetime.now(timezone.utc)
     db.commit()