Add CORS, rate limiting, security headers, and files endpoint protection
This commit is contained in:
@@ -3,11 +3,14 @@ import asyncio
|
||||
import httpx
|
||||
from fastapi import APIRouter, Depends, HTTPException, status, Request
|
||||
from pydantic import BaseModel
|
||||
from slowapi import Limiter
|
||||
from slowapi.util import get_remote_address
|
||||
import config
|
||||
import auth
|
||||
import pyotp
|
||||
|
||||
router = APIRouter()
|
||||
limiter = Limiter(key_func=get_remote_address)
|
||||
|
||||
class LoginRequest(BaseModel):
|
||||
username: str
|
||||
@@ -50,6 +53,7 @@ async def send_failed_login_alert(ip_address: str, username: str, reason: str):
|
||||
print(f"Failed to send Telegram alert: {e}", flush=True)
|
||||
|
||||
@router.post("/login", response_model=Token)
|
||||
@limiter.limit("5/minute")
|
||||
async def login(creds: LoginRequest, request: Request):
|
||||
client_ip = request.client.host
|
||||
# Verify username/password
|
||||
@@ -121,7 +125,8 @@ class ChangePasswordRequest(BaseModel):
|
||||
new_password: str
|
||||
|
||||
@router.post("/change-password")
|
||||
async def change_password(req: ChangePasswordRequest, current_user: str = Depends(auth.get_current_user)):
|
||||
@limiter.limit("5/minute")
|
||||
async def change_password(req: ChangePasswordRequest, request: Request, current_user: str = Depends(auth.get_current_user)):
|
||||
if not auth.verify_password(req.current_password, auth.load_password_hash()):
|
||||
raise HTTPException(status_code=400, detail="Current password is incorrect")
|
||||
if len(req.new_password) < 8:
|
||||
|
||||
Reference in New Issue
Block a user