Ignore vim swapfiles

This reverts commit 87a9b1dd5f.

.gitea/workflows/bandit.yml

@@ -0,0 +1,17 @@
+---
+name: Bandit
+on: [push]
+
+
+# XXX need to do stuff with uv
+jobs:
+  build:
+    runs-on: freebsd
+    strategy:
+      matrix:
+        python-version: ["3.11"]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Analyse code with Bandit
+        run: |
+          bandit -r .

.gitea/workflows/flake8.yml

@@ -0,0 +1,17 @@
+---
+name: Flake8
+on: [push]
+
+
+# XXX need to do stuff with uv
+jobs:
+  build:
+    runs-on: freebsd
+    strategy:
+      matrix:
+        python-version: ["3.11"]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Analyse code with Flake8
+        run: |
+          flake8 $(git ls-files '*.py')

.gitea/workflows/mypy.yml

@@ -0,0 +1,17 @@
+---
+name: Mypy
+on: [push]
+
+
+# XXX need to do stuff with uv
+jobs:
+  build:
+    runs-on: freebsd
+    strategy:
+      matrix:
+        python-version: ["3.11"]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Analyse code with Mypy
+        run: |
+          mypy --install-types --non-interactive $(git ls-files '*.py')

.gitea/workflows/pip-audit.yml

@@ -0,0 +1,23 @@
+---
+name: pip-audit
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: '0 0 * * 0'  # Weekly on Sunday
+
+# XXX need to do stuff with uv
+jobs:
+  build:
+    runs-on: freebsd
+    strategy:
+      matrix:
+        python-version: ["3.11"]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Check vulnerable components with pip-audit
+        run: |
+          pip-audit .
+

.gitea/workflows/pylint.yml

@@ -0,0 +1,17 @@
+---
+name: Pylint
+on: [push]
+
+
+# XXX need to do stuff with uv
+jobs:
+  build:
+    runs-on: freebsd
+    strategy:
+      matrix:
+        python-version: ["3.11"]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Analyse code with Pylint
+        run: |
+          pylint $(git ls-files '*.py')

.gitignore

@@ -160,3 +160,5 @@ cython_debug/
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
 
+# Vim swap files
+*.sw?

app/main.py

@@ -1,70 +1,129 @@
 '''
 Simple Geolocation with FastAPI
 '''
+import os
 from ipaddress import IPv4Address, IPv4Network, IPv6Address, IPv6Network
 from typing import Annotated, Optional, Union
 
 import geoip2.database
-from fastapi import FastAPI, Path, Body
+from dotenv import load_dotenv
+from fastapi import Body, FastAPI, Path, Request, Response, status
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.responses import RedirectResponse
+from geoip2.errors import AddressNotFoundError
 from pydantic import BaseModel
 
+# Load environment variables
+load_dotenv()
+
 app = FastAPI()
 
-GEOLITE2_ASN_DB = '/usr/local/share/GeoIP/GeoLite2-ASN.mmdb'
+# Configure CORS from environment variables
-GEOLITE2_CITY_DB = '/usr/local/share/GeoIP/GeoLite2-City.mmdb'
+cors_origins = os.getenv('CORS_ALLOW_ORIGINS', 'http://localhost')
+allow_origins = [origin.strip() for origin in cors_origins.split(',')
+                 if origin.strip()]
+
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=allow_origins,
+    allow_credentials=True,
+    allow_methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+    allow_headers=["*"],
+)
+
+GEOLITE2_ASN_DB = os.getenv('GEOLITE2_ASN_DB',
+                            '/usr/local/share/GeoIP/GeoLite2-ASN.mmdb')
+GEOLITE2_CITY_DB = os.getenv('GEOLITE2_CITY_DB',
+                             '/usr/local/share/GeoIP/GeoLite2-City.mmdb')
+
 
 class IPAddressParam(BaseModel):
-    ip: Union[IPv6Address,IPv4Address]
+    '''
+    Payload entry as used in POST
+    '''
+    ip: Union[IPv6Address, IPv4Address]
+
 
 class Locality(BaseModel):
     '''
     Locality data
     '''
-    city: Optional[str]
+    city: Optional[str] = None
-    country: Optional[str]
+    country: Optional[str] = None
-    continent: Optional[str]
+    continent: Optional[str] = None
-    is_eu: bool
+    is_eu: bool = False
+
 
 class GeoLocation(BaseModel):
     '''
     Geolocation data model
     '''
-    ip: Union[IPv6Address,IPv4Address]
+    ip: Optional[Union[IPv6Address, IPv4Address]] = None
-    asn: Optional[int]
+    asn: Optional[int] = None
-    asn_org: Optional[str]
+    asn_org: Optional[str] = None
-    network: Union[IPv6Network,IPv4Network,None]
+    network: Optional[Union[IPv6Network, IPv4Network]] = None
-    locality: Locality
+    locality: Locality = Locality()
+
 
 @app.post("/")
-async def root_post(ipaddresses: Annotated[list[IPAddressParam],
+async def root_post(ipaddresses: Annotated[
-                                    Body(title="The IPAddresses to geolocate")]
+    list[IPAddressParam],
-               ) -> list[GeoLocation]:
+    Body(title="The IPAddresses to geolocate")],
+                    response: Response
+                    ) -> list[GeoLocation]:
+    '''
+    Return GeoLocation item(s) for a list of IPAddressParam objects
+    '''
     geolocations = []
     with (geoip2.database.Reader(GEOLITE2_ASN_DB) as reader_asn,
             geoip2.database.Reader(GEOLITE2_CITY_DB) as reader_city):
         for ipaddress in ipaddresses:
-            asn_data = reader_asn.asn(ipaddress.ip)
+            try:
-            city_data = reader_city.city(ipaddress.ip)
+                asn_data = reader_asn.asn(ipaddress.ip)
-            geolocations.append(GeoLocation(
+                city_data = reader_city.city(ipaddress.ip)
-                ip=ipaddress.ip,
+
-                asn=asn_data.autonomous_system_number,
+                geolocations.append(GeoLocation(
-                asn_org=asn_data.autonomous_system_organization,
+                    ip=ipaddress.ip,
-                network=asn_data.network,
+                    asn=asn_data.autonomous_system_number,
-                locality=Locality(
+                    asn_org=asn_data.autonomous_system_organization,
-                    city=city_data.city.name,
+                    network=asn_data.network,
-                    country=city_data.country.iso_code,
+                    locality=Locality(
-                    continent=city_data.continent.code,
+                        city=city_data.city.name,
-                    is_eu=city_data.country.is_in_european_union
+                        country=city_data.country.iso_code,
+                        continent=city_data.continent.code,
+                        is_eu=city_data.country.is_in_european_union
+                    )
+                ))
+            except AddressNotFoundError:
+                geolocations.append(GeoLocation(
+                    ip=ipaddress.ip
+                    )
                 )
-            ))
+    if geolocations:
+        response.headers['Cache-Control'] = 'private, max-age=604800'
     return geolocations
 
 
 @app.get("/{ipaddress}")
-async def root_get(ipaddress: Annotated[Union[IPv4Address,IPv6Address],
+async def root_get(ipaddress: Annotated[
-                                    Path(title="The IPAddress to geolocate")]
+    Union[IPv4Address, IPv6Address],
-               ) -> GeoLocation:
+    Path(title="The IPAddress to geolocate")],
+                   response: Response
+                   ) -> GeoLocation:
     '''
     Look up geolocation for ip in path parameter
     '''
-    return (await root_post([IPAddressParam(ip=ipaddress)])).pop()
+    locations = await root_post([IPAddressParam(ip=ipaddress)], response)
+    if locations:
+        response.headers['Cache-Control'] = 'private, max-age=604800'
+        return locations.pop()
+    response.status_code = status.HTTP_404_NOT_FOUND
+    return GeoLocation()
+
+
+@app.get("/")
+def root_redirect(req: Request) -> RedirectResponse:
+    '''
+    Redirect empty request using REMOTE_ADDR
+    '''
+    return RedirectResponse(url=str(req.url) + str(req.client.host))

requirements.txt

@@ -0,0 +1,2 @@
+geoip2==4.7.0
+fastapi==0.115.6

start.sh

@@ -0,0 +1,24 @@
+#!/bin/sh
+
+NAME=ismijnipverweg
+DIR=/opt/apps/ismijnipverweg/app
+USER=www
+GROUP=nobody
+WORKERS=3
+WORKER_CLASS=uvicorn.workers.UvicornWorker
+#VENV=$DIR/.venv/bin/activate
+BIND=unix:$DIR/../run/gunicorn.sock
+LOG_LEVEL=error
+
+cd $DIR
+# source $VENV
+
+exec /usr/local/bin/gunicorn main:app \
+  --name $NAME \
+  --workers $WORKERS \
+  --worker-class $WORKER_CLASS \
+  --user=$USER \
+  --group=$GROUP \
+  --bind=$BIND \
+  --log-level=$LOG_LEVEL \
+  --log-file=-