From 750c01776a36eb0badee35abf68d03cf47513d7d Mon Sep 17 00:00:00 2001 From: vvzvlad Date: Wed, 26 Mar 2025 15:00:28 +0300 Subject: [PATCH] Update API endpoints to include request parameter for token validation, enhancing security by checking client host against allowed addresses. --- Dockerfile | 2 ++ api_server.py | 19 +++++++++---------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 44b097d..030c24a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,4 +7,6 @@ RUN apt-get update && apt-get install -y libmagic-dev curl --no-install-recommen RUN pip install --no-cache-dir -r requirements.txt COPY *.py . +HEALTHCHECK --interval=10m --timeout=5s --retries=4 --start-interval=2s --start-period=10s CMD curl -f http://localhost:3000/rss/vvzvlad_lytdybr/localhost?limit=1 || exit 1 + CMD ["python", "api_server.py"] \ No newline at end of file diff --git a/api_server.py b/api_server.py index b25c6a6..5985962 100644 --- a/api_server.py +++ b/api_server.py @@ -459,8 +459,8 @@ def calculate_cache_stats(): @app.get("/post/html/{channel}/{post_id}", response_class=HTMLResponse) @app.get("/html/{channel}/{post_id}/{token}", response_class=HTMLResponse) @app.get("/post/html/{channel}/{post_id}/{token}", response_class=HTMLResponse) -async def get_post_html(channel: str, post_id: int, token: str | None = None, debug: bool = False): - if Config["token"]: +async def get_post_html(channel: str, post_id: int, token: str | None = None, debug: bool = False, request: Request = None): + if Config["token"] and request and request.client.host not in ["127.0.0.1", "localhost"]: if token != Config["token"]: logger.error(f"Invalid token for HTML post: {token}, expected: {Config['token']}") raise HTTPException(status_code=403, detail="Invalid token") @@ -483,8 +483,8 @@ async def get_post_html(channel: str, post_id: int, token: str | None = None, de @app.get("/post/json/{channel}/{post_id}") @app.get("/json/{channel}/{post_id}/{token}") @app.get("/post/json/{channel}/{post_id}/{token}") -async def get_post(channel: str, post_id: int, token: str | None = None, debug: bool = False): - if Config["token"]: +async def get_post(channel: str, post_id: int, token: str | None = None, debug: bool = False, request: Request = None): + if Config["token"] and request and request.client.host not in ["127.0.0.1", "localhost"]: if token != Config["token"]: logger.error(f"Invalid token for JSON post: {token}, expected: {Config['token']}") raise HTTPException(status_code=403, detail="Invalid token") @@ -505,8 +505,8 @@ async def get_post(channel: str, post_id: int, token: str | None = None, debug: @app.get("/health") @app.get("/health/{token}") -async def health_check(token: str | None = None): - if Config["token"]: +async def health_check(token: str | None = None, request: Request = None): + if Config["token"] and request and request.client.host not in ["127.0.0.1", "localhost"]: if token != Config["token"]: logger.error(f"Invalid token for health check: {token}, expected: {Config['token']}") raise HTTPException(status_code=403, detail="Invalid token") @@ -577,14 +577,13 @@ async def get_rss_feed(channel: str, output_type: str = 'rss', exclude_flags: str | None = None, exclude_text: str | None = None, - merge_seconds: int = 5 + merge_seconds: int = 5, + request: Request = None ): - if Config["token"]: + if Config["token"] and request and request.client.host not in ["127.0.0.1", "localhost"]: if token != Config["token"]: logger.error(f"invalid_token_error: token {token}, expected {Config['token']}") raise HTTPException(status_code=403, detail="Invalid token") - #else: - #logger.info(f"valid_token: token {token}") while True: try: