feat(backend): proxy endpoint for checkout.theshrine.net

feat(backend): block generic user agents
2024-03-11 18:19:17 +00:00 · 2024-03-11 18:18:49 +00:00
3 changed files with 42 additions and 3 deletions
--- a/backend/aci/proxy.py
+++ b/backend/aci/proxy.py
@ -13,11 +13,14 @@ router = APIRouter(prefix='/3p-proxy')
 def reformat_reject_date(date: str):
    return format_checkin_date(datetime.strptime(date, '%a %b %d %Y'))

+def make_client_session():
+    ssl_context = ssl.create_default_context(cafile=certifi.where())
+    return aiohttp.ClientSession(headers={'User-Agent': 'Mozilla 5.0 (compatible); aci-backend/1.0 (+https://git.ashhhleyyy.dev/ash/aci)'}, connector=aiohttp.TCPConnector(ssl=ssl_context))
+
@router.get('/reject')
 async def reject_proxy(date: str, time: str, activity: str, space: str):
    """We proxy the rejectdopamine API to maintain user pivacy (the extension does not transmit user IP addresses to third-party services)"""
-    ssl_context = ssl.create_default_context(cafile=certifi.where())
-    async with aiohttp.ClientSession(headers={'User-Agent': 'Mozilla 5.0 (compatible); aci-backend/1.0 (+https://git.ashhhleyyy.dev/ash/aci)'}, connector=aiohttp.TCPConnector(ssl=ssl_context)) as session:
+    async with make_client_session() as session:
        async with session.get('https://rejectdopamine.com/api/app/active/yrk/cs/1') as resp:
            response = await resp.json()
            activities = []
@ -46,3 +49,25 @@ async def reject_proxy(date: str, time: str, activity: str, space: str):
        'activity': activity,
        'codes': [],
    }
+
+@router.get('/shrine-checkout')
+async def shrine_checkout_proxy(date: str, time: str, activity: str, space: str):
+    """We proxy the checkout.theshrine.net API to maintain user privacy (the extension does not transmit user IP address to third-party services)"""
+    async with make_client_session() as session:
+        async with session.post('https://checkout.theshrine.net/api/activity/ext/id', json={
+                'date': date,
+                'time': time,
+                'activity': activity,
+                'space': space,
+        }) as resp:
+            response = await resp.json()
+            external_id = response['externalId']
+        async with session.get(f'https://checkout.theshrine.net/api/activity/ext/{external_id}/codes') as resp:
+            response = await resp.json()
+            return {
+                'date': date,
+                'time': time,
+                'space': space,
+                'activity': activity,
+                'codes': list(map(lambda c: {'code': c['code'], 'score': 0}, response['codes']))
+            }
--- a/backend/aci/utils.py
+++ b/backend/aci/utils.py
@ -1,6 +1,11 @@
 #!/usr/bin/env python3
 from datetime import datetime

+BAD_BOTS = [
+    'undici',
+    'curl/(.*)',
+]
+
 def today() -> str:
    now = datetime.now()
    return format_checkin_date(now)
--- a/backend/app.py
+++ b/backend/app.py
@ -2,9 +2,10 @@

 from typing import Union
 import hashlib
+import re
 import sqlite3

-from fastapi import Depends, FastAPI
+from fastapi import Depends, FastAPI, Request, Response
 from fastapi.middleware.cors import CORSMiddleware

 import uvicorn
@ -24,6 +25,14 @@ app.add_middleware(
    allow_headers="*",
 )

+@app.middleware('http')
+async def badbots_block(req: Request, call_next):
+    ua = req.headers.get('User-Agent', '')
+    for bot in utils.BAD_BOTS:
+        if re.match(bot, ua):
+            return Response('forbidden', status_code=403)
+    return await call_next(req)
+
@app.get('/')
 def index():
    return {
Author	SHA1	Message	Date
Ashhhleyyy	8c553b92f4	feat(backend): proxy endpoint for checkout.theshrine.net All checks were successful Publish docker image / Publish (push) Successful in 1m44s Details	2024-03-11 18:19:17 +00:00
Ashhhleyyy	fa88fa658e	feat(backend): block generic user agents	2024-03-11 18:18:49 +00:00