kin: BATON-SEC-006-backend_dev

2026-03-21 07:56:44 +02:00 · 2026-03-21 07:56:44 +02:00 · 4b7e59d78d
commit 4b7e59d78d
parent 097b7af949
3 changed files with 40 additions and 20 deletions
--- a/backend/middleware.py
+++ b/backend/middleware.py
@ -1,13 +1,12 @@
 from __future__ import annotations

 import secrets
-import time
 from typing import Optional

 from fastapi import Depends, Header, HTTPException, Request
 from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer

-from backend import config
+from backend import config, db

 _bearer = HTTPBearer(auto_error=False)

@ -45,28 +44,14 @@ async def verify_admin_token(


 async def rate_limit_register(request: Request) -> None:
-    counters = request.app.state.rate_counters
-    client_ip = _get_client_ip(request)
-    now = time.time()
-    count, window_start = counters.get(client_ip, (0, now))
-    if now - window_start >= _RATE_WINDOW:
-        count = 0
-        window_start = now
-    count += 1
-    counters[client_ip] = (count, window_start)
+    key = f"reg:{_get_client_ip(request)}"
+    count = await db.rate_limit_increment(key, _RATE_WINDOW)
    if count > _RATE_LIMIT:
        raise HTTPException(status_code=429, detail="Too Many Requests")


 async def rate_limit_signal(request: Request) -> None:
-    counters = request.app.state.rate_counters
    key = f"sig:{_get_client_ip(request)}"
-    now = time.time()
-    count, window_start = counters.get(key, (0, now))
-    if now - window_start >= _SIGNAL_RATE_WINDOW:
-        count = 0
-        window_start = now
-    count += 1
-    counters[key] = (count, window_start)
+    count = await db.rate_limit_increment(key, _SIGNAL_RATE_WINDOW)
    if count > _SIGNAL_RATE_LIMIT:
        raise HTTPException(status_code=429, detail="Too Many Requests")