Harden auth, redaction, upload size checks, and compose token requirements

2026-02-21 13:48:55 -03:00
parent 5792586a90
commit 3cbad053cc
21 changed files with 1168 additions and 85 deletions
--- a/backend/app/services/app_settings.py
+++ b/backend/app/services/app_settings.py
@@ -5,12 +5,16 @@ import re
 from pathlib import Path
 from typing import Any

-from app.core.config import get_settings
+from app.core.config import get_settings, normalize_and_validate_provider_base_url


 settings = get_settings()


+class AppSettingsValidationError(ValueError):
+    """Raised when user-provided settings values fail security or contract validation."""
+
+
 TASK_OCR_HANDWRITING = "ocr_handwriting"
 TASK_SUMMARY_GENERATION = "summary_generation"
 TASK_ROUTING_CLASSIFICATION = "routing_classification"
@@ -156,13 +160,13 @@ def _clamp_cards_per_page(value: int) -> int:
 def _clamp_processing_log_document_sessions(value: int) -> int:
    """Clamps the number of recent document log sessions kept during cleanup."""

-    return max(0, min(20, value))
+    return max(0, min(settings.processing_log_max_document_sessions, value))


 def _clamp_processing_log_unbound_entries(value: int) -> int:
    """Clamps retained unbound processing log events kept during cleanup."""

-    return max(0, min(400, value))
+    return max(0, min(settings.processing_log_max_unbound_entries, value))


 def _clamp_predefined_entries_limit(value: int) -> int:
@@ -242,12 +246,19 @@ def _normalize_provider(
    api_key_value = payload.get("api_key", fallback_values.get("api_key", defaults["api_key"]))
    api_key = str(api_key_value).strip() if api_key_value is not None else ""

+    raw_base_url = str(payload.get("base_url", fallback_values.get("base_url", defaults["base_url"]))).strip()
+    if not raw_base_url:
+        raw_base_url = str(defaults["base_url"]).strip()
+    try:
+        normalized_base_url = normalize_and_validate_provider_base_url(raw_base_url)
+    except ValueError as error:
+        raise AppSettingsValidationError(str(error)) from error
+
    return {
        "id": provider_id,
        "label": str(payload.get("label", fallback_values.get("label", provider_id))).strip() or provider_id,
        "provider_type": provider_type,
-        "base_url": str(payload.get("base_url", fallback_values.get("base_url", defaults["base_url"]))).strip()
-        or defaults["base_url"],
+        "base_url": normalized_base_url,
        "timeout_seconds": _clamp_timeout(
            _safe_int(
                payload.get("timeout_seconds", fallback_values.get("timeout_seconds", defaults["timeout_seconds"])),