From 078514b69e51d24eb40c064b9cfbbcdd2164587c Mon Sep 17 00:00:00 2001
From: Ruben van Staveren
Date: Wed, 11 Mar 2026 19:21:44 +0100
Subject: [PATCH 1/3] Add CORS handling, and load settings from .env
---
 app/main.py | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)
diff --git a/app/main.py b/app/main.py
index 6396921..b450ed0 100644
--- a/app/main.py
+++ b/app/main.py
@@ -1,19 +1,40 @@
 ''' Simple Geolocation with FastAPI '''
+import os
 from ipaddress import IPv4Address, IPv4Network, IPv6Address, IPv6Network
 from typing import Annotated, Optional, Union
 import geoip2.database
-from geoip2.errors import AddressNotFoundError
-from fastapi import FastAPI, Path, Body, Request, Response, status
+from dotenv import load_dotenv
+from fastapi import Body, FastAPI, Path, Request, Response, status
+from fastapi.middleware.cors import CORSMiddleware
 from fastapi.responses import RedirectResponse
+from geoip2.errors import AddressNotFoundError
 from pydantic import BaseModel
+# Load environment variables
+load_dotenv()
+
 app = FastAPI()
-GEOLITE2_ASN_DB = '/usr/local/share/GeoIP/GeoLite2-ASN.mmdb'
-GEOLITE2_CITY_DB = '/usr/local/share/GeoIP/GeoLite2-City.mmdb'
+# Configure CORS from environment variables
+cors_origins = os.getenv('CORS_ALLOW_ORIGINS', 'http://localhost')
+allow_origins = [origin.strip() for origin in cors_origins.split(',')
+ if origin.strip()]
+
+app.add_middleware(
+ CORSMiddleware,
+ allow_origins=allow_origins,
+ allow_credentials=True,
+ allow_methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+ allow_headers=["*"],
+)
+
+GEOLITE2_ASN_DB = os.getenv('GEOLITE2_ASN_DB',
+ '/usr/local/share/GeoIP/GeoLite2-ASN.mmdb')
+GEOLITE2_CITY_DB = os.getenv('GEOLITE2_CITY_DB',
+ '/usr/local/share/GeoIP/GeoLite2-City.mmdb')
 class IPAddressParam(BaseModel):
-- 2.52.0
From 479f9900443f1ef44077c4c7ec2432ed4da70c9e Mon Sep 17 00:00:00 2001
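Review bot: `allow_credentials=True` is hard-coded in the `app.add_middleware(...)` call while the origin list is taken unvalidated from `CORS_ALLOW_ORIGINS`, so a deployment that sets the variable to `*` gets credentialed CORS for every origin (as far as I recall, Starlette's middleware echoes the requesting origin in that combination instead of refusing it). Nothing in this hunk shows the geolocation endpoints relying on cookies or HTTP auth, so the simplest change is `allow_credentials=False`. If credentials are needed, fail at start-up with something like `if '*' in allow_origins: raise RuntimeError('CORS_ALLOW_ORIGINS must list explicit origins')`. The method list also admits PUT and DELETE and `allow_headers=["*"]` admits any request header; the routes are outside this hunk, so both should be trimmed to what the API actually serves.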
From: Ruben van Staveren
Date: Fri, 13 Mar 2026 22:25:24 +0100
Subject: [PATCH 2/3] add more linters
---
 .gitea/workflows/bandit.yml | 17 +++++++++++++++++
 .gitea/workflows/pip-audit.yml | 23 +++++++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 .gitea/workflows/bandit.yml
 create mode 100644 .gitea/workflows/pip-audit.yml
diff --git a/.gitea/workflows/bandit.yml b/.gitea/workflows/bandit.yml
new file mode 100644
index 0000000..36d634e
--- /dev/null
+++ b/.gitea/workflows/bandit.yml
@@ -0,0 +1,17 @@
+---
+name: Bandit
+on: [push]
+
+
+# XXX need to do stuff with uv
+jobs:
+ build:
+ runs-on: freebsd
+ strategy:
+ matrix:
+ python-version: ["3.11"]
+ steps:
+ - uses: actions/checkout@v4
+ - name: Analyse code with Bandit
+ run: |
+ bandit -r .
diff --git a/.gitea/workflows/pip-audit.yml b/.gitea/workflows/pip-audit.yml
new file mode 100644
index 0000000..b713cda
--- /dev/null
+++ b/.gitea/workflows/pip-audit.yml
@@ -0,0 +1,23 @@
+---
+name: pip-audit
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+ schedule:
+ - cron: '0 0 * * 0' # Weekly on Sunday
+
+# XXX need to do stuff with uv
+jobs:
+ build:
+ runs-on: freebsd
+ strategy:
+ matrix:
+ python-version: ["3.11"]
+ steps:
+ - uses: actions/checkout@v4
+ - name: Check vulnerable components with pip-audit
+ run: |
+ pip-audit .
+
-- 2.52.0
From 8ec34cfbeb0f9a42da097f63c4c3951ebb2b553d Mon Sep 17 00:00:00 2001
From: Ruben van Staveren
Date: Fri, 13 Mar 2026 22:26:15 +0100
Subject: [PATCH 3/3] Ignore vim swapfiles
---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.gitignore b/.gitignore
index 5d381cc..5170c57 100644
--- a/.gitignore
+++ b/.gitignore
@@ -160,3 +160,5 @@ cython_debug/
 # option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
+# Vim swap files
+*.sw?
-- 2.52.0
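Review bot: The `Analyse code with Bandit` step in `.gitea/workflows/bandit.yml` runs `bandit -r .` with no step that installs Bandit, so the job depends on whatever version happens to be on the `freebsd` runner, and the `python-version` matrix is declared but never used by a step. Install a pinned release inside the job, for example `run: uvx bandit@<pinned-version> -r app`, so that findings are reproducible and limited to the project's own code (the `app/` directory seen in patch 1) rather than everything below `.`. `actions/checkout@v4` is a mutable tag; pinning it to a full commit SHA (`uses: actions/checkout@<commit-sha>`) removes that supply-chain dependency. The same three points apply to `.gitea/workflows/pip-audit.yml`.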
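Review bot: `pip-audit .` in `.gitea/workflows/pip-audit.yml` resolves the project's declared dependencies at run time, which is not necessarily the set of versions that gets deployed. The `# XXX need to do stuff with uv` comment suggests a uv-managed project, although no lock file is visible in this series. If a `uv.lock` exists, audit the locked set instead, e.g. `uv export --format requirements-txt -o requirements.txt` followed by `pip-audit -r requirements.txt`.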