Añadidas modificaciones de seguridad

2026-04-07 09:52:36 +02:00
parent c7849bface
commit ffab8ccce6
2 changed files with 12 additions and 1 deletions
@@ -1,13 +1,19 @@
 # api/routers/docit2mf_build.py

+import logging
 from fastapi import APIRouter, HTTPException
+from slowapi import Limiter
+from slowapi.util import get_remote_address
 from api.models.docit2mf_models import DoCIT2MFMultiRequest
 from api.services.docit2mf_build_service import build_it2mf_from_level

 router = APIRouter(prefix="/criteria", tags=["criteria"])
+limiter = Limiter(key_func=get_remote_address)
+logger = logging.getLogger(__name__)


@router.post("/doc-it2mf/build")
+@limiter.limit("10/minute")
 async def build_doc_it2mf(request: DoCIT2MFMultiRequest):
    results = []

@@ -15,6 +21,10 @@ async def build_doc_it2mf(request: DoCIT2MFMultiRequest):
        for level in request.levels:
            results.append(build_it2mf_from_level(level))
    except ValueError as e:
-        raise HTTPException(status_code=400, detail=str(e))
+        logger.warning(f"Validation error in doc-it2mf/build: {str(e)}")
+        raise HTTPException(status_code=400, detail="Invalid input data")
+    except Exception as e:
+        logger.error(f"Unexpected error in doc-it2mf/build: {str(e)}", exc_info=True)
+        raise HTTPException(status_code=500, detail="Internal server error")

    return {"levels": results}
@@ -5,3 +5,4 @@ pydantic
 passlib
 bcrypt==4.0.1
 email-validator
+slowapi