agatha
7a835d3172
After LOGIN_MAX_FAILURES consecutive failed attempts from the same source IP within LOGIN_WINDOW_SECONDS, POST /api/v1/auth/token returns HTTP 429 with a Retry-After header for LOGIN_COOLDOWN_SECONDS. A successful login resets the counter. Trusted upstream proxy IPs/CIDRs can be declared via LOGIN_TRUSTED_PROXY_IPS so X-Forwarded-For is honoured correctly behind nginx ingress or similar reverse proxies. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
30 lines
803 B
Python
30 lines
803 B
Python
from functools import lru_cache
|
|
|
|
from pydantic_settings import BaseSettings, SettingsConfigDict
|
|
|
|
|
|
class Settings(BaseSettings):
|
|
model_config = SettingsConfigDict(env_file=".env", env_file_encoding="utf-8", extra="ignore")
|
|
|
|
database_url: str
|
|
s3_endpoint_url: str
|
|
s3_bucket_name: str
|
|
s3_access_key_id: str
|
|
s3_secret_access_key: str
|
|
s3_region: str = "us-east-1"
|
|
api_base_url: str = "http://localhost:8000"
|
|
max_upload_bytes: int = 52_428_800 # 50 MiB
|
|
jwt_secret_key: str
|
|
jwt_expiry_seconds: int = 86400
|
|
owner_username: str
|
|
owner_password: str
|
|
login_max_failures: int = 5
|
|
login_window_seconds: int = 300
|
|
login_cooldown_seconds: int = 900
|
|
login_trusted_proxy_ips: str = ""
|
|
|
|
|
|
@lru_cache
|
|
def get_settings() -> Settings:
|
|
return Settings()
|