protection de l'application contre les attaques numériques
This commit is contained in:
innotex
@@ -1,5 +1,7 @@
|
||||
from fastapi import APIRouter, HTTPException, status, Form
|
||||
from fastapi import APIRouter, HTTPException, status, Form, Request, Depends
|
||||
from datetime import timedelta
|
||||
from slowapi import Limiter
|
||||
from slowapi.util import get_remote_address
|
||||
from app.core.security import (
|
||||
authenticate_user,
|
||||
create_access_token,
|
||||
@@ -8,29 +10,49 @@ from app.core.security import (
|
||||
get_current_user,
|
||||
)
|
||||
from app.core.config import settings
|
||||
import logging
|
||||
|
||||
logger = logging.getLogger("innotexboard.security")
|
||||
limiter = Limiter(key_func=get_remote_address)
|
||||
|
||||
router = APIRouter()
|
||||
|
||||
|
||||
@router.post("/login", response_model=Token)
|
||||
async def login(username: str = Form(...), password: str = Form(...)):
|
||||
@limiter.limit("5/minute") # Max 5 tentatives par minute par IP
|
||||
async def login(
|
||||
request: Request,
|
||||
username: str = Form(..., min_length=2, max_length=32),
|
||||
password: str = Form(..., min_length=1)
|
||||
):
|
||||
"""
|
||||
Endpoint d'authentification PAM
|
||||
Endpoint d'authentification PAM avec protection brute force
|
||||
Authentifie l'utilisateur contre le système Debian via PAM
|
||||
"""
|
||||
user = authenticate_user(username, password)
|
||||
client_ip = get_remote_address(request)
|
||||
|
||||
# Log de la tentative de connexion
|
||||
logger.info(f"Login attempt for user '{username}' from {client_ip}")
|
||||
|
||||
# Validation et authentification
|
||||
user = authenticate_user(username, password, client_ip)
|
||||
|
||||
if not user:
|
||||
logger.warning(f"Failed login for '{username}' from {client_ip}")
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||
detail="Identifiants incorrects",
|
||||
headers={"WWW-Authenticate": "Bearer"},
|
||||
)
|
||||
|
||||
# Génération du token
|
||||
access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
|
||||
access_token = create_access_token(
|
||||
username=user.username, expires_delta=access_token_expires
|
||||
)
|
||||
|
||||
logger.info(f"Successful login for '{username}' from {client_ip}")
|
||||
|
||||
return {
|
||||
"access_token": access_token,
|
||||
"token_type": "bearer",
|
||||
@@ -39,13 +61,17 @@ async def login(username: str = Form(...), password: str = Form(...)):
|
||||
|
||||
|
||||
@router.get("/me", response_model=User)
|
||||
async def read_users_me(current_user: User = None):
|
||||
async def read_users_me(current_user: User = Depends(get_current_user)):
|
||||
"""Retourne les informations de l'utilisateur actuellement authentifié"""
|
||||
# Le user est validé par le dépendance get_current_user si nécessaire
|
||||
return {"username": "guest", "is_authenticated": True}
|
||||
return current_user
|
||||
|
||||
|
||||
@router.post("/logout")
|
||||
async def logout(current_user: User = None):
|
||||
async def logout(
|
||||
request: Request,
|
||||
current_user: User = Depends(get_current_user)
|
||||
):
|
||||
"""Endpoint de déconnexion (le token devient simplement invalide côté client)"""
|
||||
client_ip = get_remote_address(request)
|
||||
logger.info(f"User '{current_user.username}' logged out from {client_ip}")
|
||||
return {"message": "Déconnecté avec succès"}
|
||||
|
||||
Reference in New Issue
Block a user