fix(backend): use certifi for ssl store

2024-03-11 10:27:34 +00:00 · 2024-03-11 10:27:34 +00:00 · 53f257bc4b
commit 53f257bc4b
parent 01114692dc
2 changed files with 5 additions and 1 deletions
--- a/backend/aci/proxy.py
+++ b/backend/aci/proxy.py
@ -1,4 +1,6 @@
 import aiohttp
+import certifi
+import ssl

 from datetime import datetime

@ -14,7 +16,8 @@ def reformat_reject_date(date: str):
@router.get('/reject')
 async def reject_proxy(date: str, time: str, activity: str, space: str):
    """We proxy the rejectdopamine API to maintain user pivacy (the extension does not transmit user IP addresses to third-party services)"""
-    async with aiohttp.ClientSession(headers={'User-Agent': 'Mozilla 5.0 (compatible); aci-backend/1.0 (+https://git.ashhhleyyy.dev/ash/aci)'}) as session:
+    ssl_context = ssl.create_default_context(cafile=certifi.where())
+    async with aiohttp.ClientSession(headers={'User-Agent': 'Mozilla 5.0 (compatible); aci-backend/1.0 (+https://git.ashhhleyyy.dev/ash/aci)'}, connector=aiohttp.TCPConnector(ssl=ssl_context)) as session:
        async with session.get('https://rejectdopamine.com/api/app/active/yrk/cs/1') as resp:
            response = await resp.json()
            activities = []
--- a/flake.nix
+++ b/flake.nix
@ -20,6 +20,7 @@
          fastapi
          uvicorn
          aiohttp
+          certifi
          python-lsp-server
        ];
        version = self.shortRev or self.dirtyShortDev or "dirty-inputs";