feat(security): extend rate limits on sync, tests, evidence and reports [FASE-3.4]

2026-05-18 14:16:53 +02:00
parent 5b29c2fc56
commit 3e854b7b79
7 changed files with 94 additions and 9 deletions


@@ -2,13 +2,14 @@
from uuid import UUID
from fastapi import APIRouter, Depends, Query
from fastapi import APIRouter, Depends, Query, Request
from fastapi.responses import FileResponse
from sqlalchemy.orm import Session
from app.database import get_db
from app.dependencies.auth import get_current_user, require_any_role
from app.models.user import User
from app.limiter import limiter
from app.services import report_generation_service
router = APIRouter(prefix="/reports/generate", tags=["professional-reports"])
@@ -21,7 +22,9 @@ _MEDIA_TYPES = {
@router.get("/purple-campaign/{campaign_id}")
@limiter.limit("5/minute")
def generate_purple_report(
request: Request,
campaign_id: UUID,
format: str = Query("pdf", pattern="^(pdf|docx|html)$"),
db: Session = Depends(get_db),
@@ -39,7 +42,9 @@ def generate_purple_report(
@router.get("/coverage-summary")
@limiter.limit("5/minute")
def generate_coverage_report(
request: Request,
format: str = Query("pdf", pattern="^(pdf|docx|html)$"),
db: Session = Depends(get_db),
user: User = Depends(require_any_role("red_lead", "blue_lead", "viewer")),
@@ -56,7 +61,9 @@ def generate_coverage_report(
@router.get("/executive-summary")
@limiter.limit("5/minute")
def generate_executive_report(
request: Request,
format: str = Query("pdf", pattern="^(pdf|docx|html)$"),
db: Session = Depends(get_db),
user: User = Depends(require_any_role("red_lead", "blue_lead", "viewer")),
@@ -73,7 +80,9 @@ def generate_executive_report(
@router.get("/quarterly-summary")
@limiter.limit("5/minute")
def generate_quarterly_report(
request: Request,
format: str = Query("pdf", pattern="^(pdf|docx|html)$"),
db: Session = Depends(get_db),
user: User = Depends(require_any_role("red_lead", "blue_lead", "viewer")),
@@ -90,7 +99,9 @@ def generate_quarterly_report(
@router.get("/technique/{technique_id}")
@limiter.limit("5/minute")
def generate_technique_report(
request: Request,
technique_id: UUID,
format: str = Query("pdf", pattern="^(pdf|docx|html)$"),
db: Session = Depends(get_db),
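Review bot: The `5/minute` limit added to `generate_purple_report` and the four sibling generators in this section is counted per route, so a single client can still trigger up to 25 report generations a minute by rotating across the five endpoints; if the intent is to cap the expensive generation work as a whole, slowapi's `@limiter.shared_limit("5/minute", scope="report-generation")` pools them under one counter. The bucket is also keyed by whatever `key_func` `app.limiter` was built with — if that is the client address and the service runs behind a reverse proxy, every user shares one bucket unless the key honours a trusted forwarding header, and for these authenticated routes a per-user key may fit better; `app/limiter.py` is not in this diff, so confirm there. A one-line comment on the decorator, e.g. `# report generation is CPU-heavy; per-client cap, key defined in app/limiter.py`, would record the rationale for the next reader. The function bodies continue outside the hunks.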