b92055eb01
US-007: rute web proprii /cont/roteste-cheie + /cont/rar-creds scoped pe sesiune (C13), sectiune "Contul meu" cu cheie afisata o data. US-010: rol admin (users.is_admin) + require_admin->403 + CLI set-admin + bootstrap primul cont=admin (count_admins in BEGIN IMMEDIATE, anti-race). US-011: panou /admin (activare/dezactivare conturi, CSRF + PRG), link admin + logout pe dashboard. US-012: app/email.py notify_signup best-effort degradat fara SMTP + config smtp_*. Fix: migrare defensiva users.is_admin/email_verified in _migrate. VERIFY x2 context curat (PASS) + /code-review high. 393 teste pass. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
121 lines
5.0 KiB
Python
121 lines
5.0 KiB
Python
"""Configurare gateway. Env vars (prefix AUTOPASS_) + valori implicite.
|
|
|
|
NU stocheaza parole RAR. Credentialele RAR vin per-cerere de la ROAAUTO
|
|
(vezi plan.md sect. 5). Helper-ul `load_test_credentials` citeste blocul
|
|
<test> din settings.xml DOAR pentru dev local / probe pe mediul de test.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import xml.etree.ElementTree as ET
|
|
from functools import lru_cache
|
|
from pathlib import Path
|
|
|
|
from pydantic_settings import BaseSettings, SettingsConfigDict
|
|
|
|
ROOT = Path(__file__).resolve().parent.parent
|
|
|
|
|
|
class Settings(BaseSettings):
|
|
model_config = SettingsConfigDict(env_prefix="AUTOPASS_", env_file=".env", extra="ignore")
|
|
|
|
# --- Bază de date ---
|
|
db_path: Path = ROOT / "data" / "autopass.db"
|
|
|
|
# --- Securitate (CORE) ---
|
|
# Enforcement auth API-key pe /v1/* protejat. False (dev/test): fara cheie ->
|
|
# cont implicit id=1. True (prod): fara cheie valida -> 401. O cheie PREZENTA
|
|
# dar invalida da 401 indiferent de flag.
|
|
require_api_key: bool = False
|
|
|
|
# Cheie Fernet pentru criptarea creds RAR efemere in submissions (zero-storage
|
|
# at rest). Nesetata -> cheie efemera la runtime (creds nu supravietuiesc
|
|
# restartului). In productie seteaz-o persistent. Genereaza:
|
|
# python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
|
|
creds_key: str | None = None
|
|
|
|
# --- Sesiuni web (US-002, PRD 3.3) ---
|
|
# Secret semnat cookie sesiune. None -> efemer la fiecare restart (dev ok;
|
|
# in prod seteaza persistent ca si creds_key, altfel cookieurile se invalideaza
|
|
# la restart). Genereaza: python -c "import secrets; print(secrets.token_hex(32))"
|
|
session_secret: str | None = None
|
|
# True (prod): rutele web fara sesiune -> redirect /login. False (dev): fara
|
|
# sesiune -> cont implicit id=1, back-compat (C12/§5 Q5).
|
|
web_auth_required: bool = False
|
|
# True (prod, in spatele Cloudflare Tunnel TLS): cookie cu Secure flag (C4).
|
|
# False (dev): cookie fara Secure, functioneaza pe HTTP.
|
|
session_https_only: bool = False
|
|
|
|
# --- Notificare email admin la signup (US-012, PRD 3.3b) ---
|
|
# Nesetat (smtp_host None) -> notificarea e DEGRADATA (doar log SIGNUP);
|
|
# follow-up cand exista SMTP real configurat in .env.
|
|
smtp_host: str | None = None
|
|
smtp_port: int = 587
|
|
smtp_user: str | None = None
|
|
smtp_password: str | None = None
|
|
smtp_from: str | None = None
|
|
|
|
# --- Rate-limit signup + login (US-009, PRD 3.3 C5) ---
|
|
# Max cereri POST /signup per IP in fereastra de timp (in-proces, fara dependinta noua).
|
|
signup_rate_max: int = 5
|
|
signup_rate_window_s: int = 3600
|
|
# Max incercari POST /login per IP (brute-force parole). Fereastra impartita cu signup.
|
|
login_rate_max: int = 10
|
|
|
|
# --- RAR ---
|
|
rar_env: str = "test" # "test" | "prod"
|
|
rar_base_url_test: str = "https://apps.rarom.ro/test-rar-autopass"
|
|
rar_base_url_prod: str = "https://apps.rarom.ro/rar-autopass"
|
|
|
|
# WAF-ul RAR da 403 fara User-Agent de browser (confirmat live, vezi
|
|
# docs/api-rar-contract.md). Toate apelurile httpx il trimit.
|
|
http_user_agent: str = "Mozilla/5.0"
|
|
http_timeout_s: float = 30.0
|
|
|
|
# --- Worker ---
|
|
worker_poll_interval_s: float = 5.0
|
|
worker_heartbeat_stale_s: int = 30 # /healthz considera worker-ul mort peste atat
|
|
# In schelet send-ul e DEZACTIVAT (nu trimite la RAR). Activeaza-l explicit
|
|
# pentru proba end-to-end. Reconcilierea/retry-ul complet = T2.
|
|
worker_send_enabled: bool = False
|
|
# Dev: foloseste creds <test> din settings.xml pt login worker. In productie
|
|
# creds vin per-cerere de la ROAAUTO (T2) — lasa False.
|
|
worker_use_test_creds: bool = False
|
|
# T2 — recuperare orfane + retry/backoff:
|
|
worker_sending_lease_s: int = 120 # rand 'sending' mai vechi de atat = orfan (worker mort mid-POST)
|
|
worker_retry_base_s: int = 5 # backoff = base * 2^retry (plafonat la max)
|
|
worker_retry_max_s: int = 300
|
|
worker_max_retries: int = 8 # peste atat -> error + banner (pana persistenta)
|
|
|
|
@property
|
|
def rar_base_url(self) -> str:
|
|
return self.rar_base_url_prod if self.rar_env == "prod" else self.rar_base_url_test
|
|
|
|
|
|
@lru_cache
|
|
def get_settings() -> Settings:
|
|
return Settings()
|
|
|
|
|
|
def load_test_credentials(settings_xml: Path | None = None) -> dict | None:
|
|
"""Citeste credentialele <test> din settings.xml (dev local / probe test).
|
|
|
|
Intoarce {"email", "password"} sau None daca fisierul lipseste / e template.
|
|
NU se foloseste in productie — acolo creds vin per-cerere de la ROAAUTO.
|
|
"""
|
|
path = settings_xml or (ROOT / "settings.xml")
|
|
if not path.exists():
|
|
return None
|
|
try:
|
|
root = ET.parse(path).getroot()
|
|
node = root.find("./test/credentials")
|
|
if node is None:
|
|
return None
|
|
email = (node.findtext("email") or "").strip()
|
|
password = (node.findtext("password") or "").strip()
|
|
if not email or not password or email.startswith("EMAIL_"):
|
|
return None
|
|
return {"email": email, "password": password}
|
|
except ET.ParseError:
|
|
return None
|