mirror of
https://github.com/aljazceru/nutshell.git
synced 2025-12-20 10:34:20 +01:00
a0ef44dba0
* auth server * cleaning up * auth ledger class * class variables -> instance variables * annotations * add models and api route * custom amount and api prefix * add auth db * blind auth token working * jwt working * clean up * JWT works * using openid connect server * use oauth server with password flow * new realm * add keycloak docker * hopefully not garbage * auth works * auth kinda working * fix cli * auth works for send and receive * pass auth_db to Wallet * auth in info * refactor * fix supported * cache mint info * fix settings and endpoints * add description to .env.example * track changes for openid connect client * store mint in db * store credentials * clean up v1_api.py * load mint info into auth wallet * fix first login * authenticate if refresh token fails * clear auth also middleware * use regex * add cli command * pw works * persist keyset amounts * add errors.py * do not start auth server if disabled in config * upadte poetry * disvoery url * fix test * support device code flow * adopt latest spec changes * fix code flow * mint max bat dynamic * mypy ignore * fix test * do not serialize amount in authproof * all auth flows working * fix tests * submodule * refactor * test * dont sleep * test * add wallet auth tests * test differently * test only keycloak for now * fix creds * daemon * fix test * install everything * install jinja * delete wallet for every test * auth: use global rate limiter * test auth rate limit * keycloak hostname * move keycloak test data * reactivate all tests * add readme * load proofs * remove unused code * remove unused code * implement change suggestions by ok300 * add error codes * test errors
99 lines
3.1 KiB
Python
99 lines
3.1 KiB
Python
from typing import Optional
|
|
|
|
from fastapi import WebSocket, status
|
|
from fastapi.responses import JSONResponse
|
|
from limits import RateLimitItemPerMinute
|
|
from loguru import logger
|
|
from slowapi import Limiter
|
|
from slowapi.util import get_remote_address
|
|
from starlette.requests import Request
|
|
|
|
from ..core.settings import settings
|
|
|
|
|
|
def _rate_limit_exceeded_handler(request: Request, exc: Exception) -> JSONResponse:
|
|
remote_address = get_remote_address(request)
|
|
logger.warning(
|
|
f"Rate limit {settings.mint_global_rate_limit_per_minute}/minute exceeded: {remote_address}"
|
|
)
|
|
return JSONResponse(
|
|
status_code=status.HTTP_429_TOO_MANY_REQUESTS,
|
|
content={"detail": "Rate limit exceeded."},
|
|
)
|
|
|
|
|
|
def get_remote_address_excluding_local(request: Request) -> str:
|
|
remote_address = get_remote_address(request)
|
|
if remote_address == "127.0.0.1":
|
|
return ""
|
|
return remote_address
|
|
|
|
|
|
limiter_global = Limiter(
|
|
key_func=get_remote_address_excluding_local,
|
|
strategy="fixed-window-elastic-expiry",
|
|
default_limits=[f"{settings.mint_global_rate_limit_per_minute}/minute"],
|
|
enabled=settings.mint_rate_limit,
|
|
)
|
|
|
|
limiter = Limiter(
|
|
key_func=get_remote_address_excluding_local,
|
|
strategy="fixed-window-elastic-expiry",
|
|
default_limits=[f"{settings.mint_transaction_rate_limit_per_minute}/minute"],
|
|
enabled=settings.mint_rate_limit,
|
|
)
|
|
|
|
|
|
def assert_limit(identifier: str, limit: Optional[int] = None):
|
|
"""Custom rate limit handler that accepts a string identifier
|
|
and raises an exception if the rate limit is exceeded. Uses the
|
|
setting `mint_transaction_rate_limit_per_minute` for the rate limit.
|
|
|
|
Args:
|
|
identifier (str): The identifier to use for the rate limit. IP address for example.
|
|
limit (Optional[int], optional): The rate limit per minute to use. Defaults to None
|
|
|
|
Raises:
|
|
Exception: If the rate limit is exceeded.
|
|
"""
|
|
global limiter
|
|
limit_per_minute = limit or settings.mint_transaction_rate_limit_per_minute
|
|
success = limiter._limiter.hit(
|
|
RateLimitItemPerMinute(limit_per_minute),
|
|
identifier,
|
|
)
|
|
if not success:
|
|
logger.warning(f"Rate limit {limit_per_minute}/minute exceeded: {identifier}")
|
|
raise Exception("Rate limit exceeded")
|
|
|
|
|
|
def get_ws_remote_address(ws: WebSocket) -> str:
|
|
"""Returns the ip address for the current websocket (or 127.0.0.1 if none found)
|
|
|
|
Args:
|
|
ws (WebSocket): The FastAPI WebSocket object.
|
|
|
|
Returns:
|
|
str: The ip address for the current websocket.
|
|
"""
|
|
if not ws.client or not ws.client.host:
|
|
return "127.0.0.1"
|
|
|
|
return ws.client.host
|
|
|
|
|
|
def limit_websocket(ws: WebSocket):
|
|
"""Websocket rate limit handler that accepts a FastAPI WebSocket object.
|
|
This function will raise an exception if the rate limit is exceeded.
|
|
|
|
Args:
|
|
ws (WebSocket): The FastAPI WebSocket object.
|
|
|
|
Raises:
|
|
Exception: If the rate limit is exceeded.
|
|
"""
|
|
remote_address = get_ws_remote_address(ws)
|
|
if remote_address == "127.0.0.1":
|
|
return
|
|
assert_limit(remote_address)
|