| author | 2024-08-19 01:05:27 +0100 | |
|---|---|---|
| committer | 2024-08-19 01:05:27 +0100 | |
| commit | fe6abd8a5719cbcab1d1207918136f19042e4fa3 (patch) | |
| tree | df09b6c83653189f668fce044c41096386e5bde0 /thallium-backend/src/app.py | |
| parent | Caddy local support (diff) | |
Add debug endpoints and implement token auth
Co-authored-by: Joe Banks <[email protected]>
Diffstat (limited to 'thallium-backend/src/app.py')
| -rw-r--r-- | thallium-backend/src/app.py | 20 | 
1 files changed, 19 insertions, 1 deletions
diff --git a/thallium-backend/src/app.py b/thallium-backend/src/app.py
index 6060ec3..3e5847c 100644
--- a/thallium-backend/src/app.py
+++ b/thallium-backend/src/app.py
@@ -1,6 +1,8 @@
 import logging
+import time
+from collections.abc import Awaitable, Callable
-from fastapi import FastAPI, Request
+from fastapi import FastAPI, Request, Response
 from fastapi.exceptions import RequestValidationError
 from fastapi.responses import JSONResponse
@@ -24,3 +26,19 @@ def pydantic_validation_error(request: Request, error: RequestValidationError) -
     """Raise a warning for pydantic validation errors, before returning."""
     log.warning("Error from %s: %s", request.url, error)
     return JSONResponse({"error": str(error)}, status_code=422)
+
+
+@fastapi_app.middleware("http")
+async def add_process_time_and_security_headers(
+    request: Request,
+    call_next: Callable[[Request], Awaitable[Response]],
+) -> Response:
+    """Add process time and some security headers before sending the response."""
+    start_time = time.perf_counter()
+    response = await call_next(request)
+    response.headers["X-Process-Time"] = str(time.perf_counter() - start_time)
+    response.headers["X-Frame-Options"] = "DENY"
+    response.headers["X-XSS-Protection"] = "1; mode=block"
+    response.headers["Strict-Transport-Security"] = "max-age=31536000"
+    response.headers["X-Content-Type-Options"] = "nosniff"
+    return response  |
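Review bot: `X-XSS-Protection: 1; mode=block` in the new middleware turns on the legacy browser XSS auditor, which current browsers have removed and which OWASP guidance now says to disable or omit, because the filter itself introduced cross-site leaks in the older browsers that still honour it. Prefer `response.headers["X-XSS-Protection"] = "0"` or drop the line, and if this app serves only JSON consider `response.headers["Content-Security-Policy"] = "default-src 'none'; frame-ancestors 'none'"` as the actual control. `X-Process-Time` is also sent unconditionally, so every client receives a high-resolution server-side timing for each request, presumably including the token-auth paths named in the commit title; gating it behind a debug setting would avoid publishing that timing signal. The headers are set only after `call_next` returns, so a response generated for an unhandled exception likely leaves without them, which is worth confirming with a test.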