ansible/flaskpaste
1
0
Fork 0
forked from claw/flaskpaste
Code Pull Requests Activity

perf: cache is_trusted_proxy result per request

Browse Source
This commit is contained in:
Username
2025-12-26 00:48:55 +01:00
parent 13ed5ed9cb
commit 63034e17fe
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/api/routes.py
View File

@@ -600,12 +600,20 @@ def require_auth() -> Response | None:
def is_trusted_proxy() -> bool:
"""Verify request comes from trusted reverse proxy via shared secret."""
"""Verify request comes from trusted reverse proxy via shared secret.
Result is cached per-request in Flask's g object for efficiency.
"""
if hasattr(g, "_trusted_proxy"):
return g._trusted_proxy
expected = current_app.config.get("TRUSTED_PROXY_SECRET", "")
if not expected:
g._trusted_proxy = True
return True
provided = request.headers.get("X-Proxy-Secret", "")
return hmac.compare_digest(expected, provided)
g._trusted_proxy = hmac.compare_digest(expected, provided)
return g._trusted_proxy
def get_client_fingerprint() -> str | None: