Removed traceability noise (US-xxx, PRD x.x, Rn, OV-x, Tn, historical decisions/narrative) from 41 app/ files + templates. Kept the comments that document invariants and non-obvious logic (idempotency/hash, anti-duplicate reconciliation, RAR 500 definitive failure, per-account creds, WAF User-Agent, 422 without password echo, scope NULL->1), only stripped of tokens. Verification: for the 27 cleaned .py modules, the code structure (non-comment/non-string tokens) is IDENTICAL to HEAD -> only comments/docstrings changed. The only code change is in tests/test_web_responsive.py (removed 3 asserts on the US-006/007/008 markers, replaced by the adjacent structural assertions). 0 residual US/PRD tokens in app/. Regression: 896 passed, 1 deselected. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
32 lines
1.1 KiB
Python
```python
"""In-process rate limit with a sliding window.

No external dependency. Used by POST /signup with key = client IP.
Configurable via AUTOPASS_signup_rate_max / AUTOPASS_signup_rate_window_s (config.py).
"""

from __future__ import annotations

import time
from collections import defaultdict

# ip/key -> list of timestamps (time.monotonic) of the requests in the active window
_hits: dict[str, list[float]] = defaultdict(list)


def check_rate_limit(key: str, max_hits: int, window_s: int) -> bool:
    """Sliding window: returns True if the request is allowed, False when the limit is exceeded.

    Cleans up expired timestamps on every call (O(n) per key, acceptable
    for signup traffic). Thread-safety: the Python GIL protects simple list ops;
    sufficient for a single uvicorn process.
    """
    now = time.monotonic()
    cutoff = now - window_s
    timestamps = _hits[key]
    # Remove expired entries
    _hits[key] = [t for t in timestamps if t > cutoff]
    if len(_hits[key]) >= max_hits:
        return False
    _hits[key].append(now)
    return True
```
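The module above prunes a key's timestamps only when that same key calls again, so keys that never return stay in `_hits`, and its check-then-append sequence relies on running in a single process. The following is an added example, not the project's code: a variant of the same sliding window that takes a lock around the decision and periodically evicts idle keys. The names `SlidingWindowLimiter`, `allow`, `sweep_every` and `tracked_keys` are assumptions made for illustration.

```python
import threading
import time
from collections import deque


class SlidingWindowLimiter:
    """Sliding-window limiter with a lock and eviction of idle keys (hypothetical class)."""

    def __init__(self, max_hits, window_s, clock=time.monotonic, sweep_every=1024):
        self.max_hits = max_hits
        self.window_s = window_s
        self._clock = clock              # injectable so tests can drive time
        self._sweep_every = sweep_every  # run a full sweep every N calls
        self._calls = 0
        self._hits = {}                  # key -> deque of timestamps, oldest first
        self._lock = threading.Lock()

    def allow(self, key):
        with self._lock:                 # check-then-append happens as one step
            now = self._clock()
            cutoff = now - self.window_s
            self._calls += 1
            if self._calls % self._sweep_every == 0:
                self._sweep(cutoff)
            q = self._hits.get(key)
            if q is None:
                q = self._hits[key] = deque()
            while q and q[0] <= cutoff:  # same boundary as above: keep t > cutoff
                q.popleft()
            if len(q) >= self.max_hits:
                return False
            q.append(now)
            return True

    def _sweep(self, cutoff):
        # Drop keys whose newest hit has expired, so one-off clients do not pile up.
        stale = [k for k, q in self._hits.items() if not q or q[-1] <= cutoff]
        for k in stale:
            del self._hits[k]

    def tracked_keys(self):
        with self._lock:
            return len(self._hits)
```

Like the original, this state is per process, so several workers each enforce their own limit.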