fix: обновление .gitignore и добавление проверки капчи

- Добавлен node_modules в .gitignore для исключения из отслеживания - В app.py добавлена переменная capcha_score для настройки порога проверки капчи - Обновлены условия проверки капчи в функциях decode и search - Добавлен маршрут для обслуживания статических файлов с проверкой расширений и защиты от обхода директорий
2025-05-02 23:48:15 +03:00 · 2025-05-02 23:48:15 +03:00 · a26947df3f
commit a26947df3f
parent 23b9551fcb
3 changed files with 31 additions and 10 deletions
--- a/app.py
+++ b/app.py
@ -16,13 +16,14 @@ from flask_swagger_ui import get_swaggerui_blueprint



-
+capcha_score: float = 0.1
 capcha_site = '6LcJpHMgAAAAAMQLNY_g8J2Kv_qmCGureRN_lbGl'
 capcha_site_sec = '6LcJpHMgAAAAAIUf4Jg_7NvawQKZoLoVypDU6-d8'
 capcha_site_url='https://www.google.com/recaptcha/api/siteverify'
 site = 'salvagedb.com'
 app_path = os.path.dirname(os.path.realpath(__file__))

+
 app = Flask(__name__)

 app_debug : bool = os.environ.get('APP_DEBUG',False)
@ -32,7 +33,7 @@ app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_prefix=1)

 os.environ['NLS_LANG'] = 'American_America.AL32UTF8'

-#Cache
+
 app.cache = ExpiringDict(60*60*24)

 # Swagger UI
@ -195,7 +196,7 @@ def decode():
        vin = request.form.get('q').strip()
        g_respone = request.form['g-recaptcha-response']
        capcha_check = requests.post(url=f'{capcha_site_url}?secret={capcha_site_sec}&response={g_respone}').json()
-        if capcha_check['success'] == False or capcha_check['score'] <0.5:
+        if capcha_check['success'] == False or capcha_check['score'] <capcha_score:
            app.logger.info(f'Google reuest: {capcha_site_url}?secret={capcha_site_sec}&response={g_respone}')
            app.logger.info(f'Bad google answer: {capcha_check}')
            abort(401)
@ -279,7 +280,7 @@ def search():
        g_respone = request.form.get('g-recaptcha-response')

        capcha_check = requests.post(url=f'{capcha_site_url}?secret={capcha_site_sec}&response={g_respone}').json()
-        if capcha_check['success'] == False or capcha_check['score'] <0.5:
+        if capcha_check['success'] == False or capcha_check['score'] <capcha_score:
            app.logger.info(f'Google reuest: {capcha_site_url}?secret={capcha_site_sec}&response={g_respone}')
            app.logger.info(f'Bad google answer: {capcha_check}')
            if app_debug==True:
@ -782,6 +783,31 @@ def get_addr(req) -> str:
 def swagger_yaml():
    return send_from_directory('api', 'swagger.yaml')

+@app.route('/static/<path:filename>')
+def serve_static(filename):
+    try:
+        # Check file extension
+        allowed_extensions = {'.css', '.js', '.png', '.jpg', '.jpeg', '.gif', '.ico', '.svg'}
+        file_ext = os.path.splitext(filename)[1].lower()
+        
+        if file_ext not in allowed_extensions:
+            app.logger.warning(f'Attempt to access forbidden file type: {filename}')
+            return 'Access denied', 403
+            
+        # Check path for directory traversal attempts
+        safe_path = os.path.normpath(os.path.join('static', filename))
+        if not safe_path.startswith('static'):
+            app.logger.warning(f'Attempt to access file outside static directory: {filename}')
+            return 'Access denied', 403
+            
+        # Log file access
+        app.logger.info(f'Access to static file: {filename}')
+        
+        return send_from_directory('static', filename)
+    except Exception as e:
+        app.logger.error(f'Error accessing file {filename}: {str(e)}')
+        return 'File not found', 404
+
 if __name__ == '__main__':
    # Start a pool of connections
    pool = start_pool()
--- a/5
+++ b/5
@ -1,5 +0,0 @@
-[33m1799493[m[33m ([m[1;36mHEAD[m[33m -> [m[1;32mmain[m[33m)[m feat: адаптация шаблонов для мобильных устройств
-[33mc2d60d9[m[33m ([m[1;31morigin/main[m[33m, [m[1;31morigin/HEAD[m[33m)[m Развиваем API v2: +search Поправил favicon
-[33m11f6d56[m Перевод search на post
-[33m97e85ec[m remove readme.md
-[33m12f0b91[m Init