- from typing import Union
- from venv import logger
- from fastapi import Request, HTTPException, Header, Depends
- from typing import Annotated
- import secrets
- from logging import getLogger
# Module-level logger. This assignment deliberately rebinds the ``logger`` name
# that ``from venv import logger`` above dragged in (that import looks like an
# editor auto-import accident and is never used on its own).
logger = getLogger(name=__name__)
async def get_session_token(request: Request) -> Union[str, None]:
    """Return the anti-abuse token stored in the caller's session, or None.

    FastAPI dependency used by ``protect_chat_api``. It reads the
    ``antiAbuseToken`` key from ``request.session`` and returns whatever is
    stored there (``None`` when the key is absent). Presumably the value was
    written by ``generate_anti_abuse_token`` when the session was created;
    ``request.session`` itself is expected to be provided by a session
    middleware configured elsewhere.
    """
    session = request.session
    token = session.get("antiAbuseToken")
    return token
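def _client_ip(request: Request) -> Union[str, None]:
    """Peer address for log lines, or None when FastAPI has no client info."""
    client = request.client
    return client.host if client else None


def _tokens_match(presented: Union[str, None], expected: Union[str, None]) -> bool:
    """Constant-time equality check between the header token and the session token.

    Returns False unless both values are strings, so a malformed or
    non-string session value can never compare equal to a header value.
    The values are UTF-8 encoded because ``secrets.compare_digest`` only
    accepts ASCII ``str`` and would raise on arbitrary header content.
    """
    if not isinstance(presented, str) or not isinstance(expected, str):
        return False
    return secrets.compare_digest(presented.encode("utf-8"), expected.encode("utf-8"))


async def protect_chat_api(
    request: Request,
    x_app_token: Annotated[Union[str, None], Header(alias="X-App-Token")] = None,
    session_token: Annotated[Union[str, None], Depends(get_session_token)] = None
) -> bool:
    """Guard chat API endpoints by matching the X-App-Token header to the session token.

    Port of the ``protectChatAPI`` middleware. Use as a FastAPI dependency.

    Args:
        request: Incoming request; only ``request.client`` is read, for logging.
        x_app_token: Value of the ``X-App-Token`` request header, if sent.
        session_token: Anti-abuse token from the session (``get_session_token``).

    Returns:
        True when both tokens are present and equal.

    Raises:
        HTTPException: 403 when the session holds no token, 401 when the
            header is missing, 403 when the two values differ.
    """
    ip = _client_ip(request)

    if not session_token:
        if ip is not None:
            logger.error("Session token is not initialized or invalid. IP: %s", ip)
        else:
            logger.error("Session token is not initialized or invalid.")
        raise HTTPException(status_code=403, detail="Acceso denegado: Sesión inválida o token no inicializado.")

    if not x_app_token:
        if ip is not None:
            logger.error("X-App-Token is missing. IP: %s", ip)
        else:
            logger.error("X-App-Token is missing.")
        # The header this dependency reads is X-App-Token (see the Header alias above);
        # the previous message named a non-existent X-Chat-Token header.
        raise HTTPException(status_code=401, detail="Acceso denegado: Falta el token X-App-Token.")

    # Constant-time comparison: a plain ``!=`` short-circuits on the first differing
    # byte and leaks how much of the token an attacker has guessed correctly.
    if not _tokens_match(x_app_token, session_token):
        # Record the attempt for monitoring, but never the token values themselves:
        # the session token is the secret this check protects and must not land in logs.
        logger.warning("Invalid token attempt. IP: %s", ip)
        raise HTTPException(status_code=403, detail="Acceso denegado: Token inválido.")

    return True  # Protection passed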
def generate_anti_abuse_token() -> str:
    """Mint a fresh anti-abuse token: 32 random bytes rendered as 64 hex characters.

    Drawn from the ``secrets`` CSPRNG, which is the right source for a value
    that ``protect_chat_api`` later compares against the X-App-Token header.
    The caller is presumably responsible for storing the result in the session
    under ``antiAbuseToken`` so ``get_session_token`` can find it.
    """
    raw = secrets.token_bytes(32)
    return raw.hex()