BreakPilot Dev 1246d5e792
feat: Add SDK Protection Middleware against systematic enumeration
Implements anomaly-score-based middleware to protect SDK/Compliance
endpoints from systematic data harvesting. Includes 5 detection
mechanisms (diversity, burst, sequential enumeration, unusual hours,
multi-tenant), multi-window quota system, progressive throttling,
HMAC watermarking, and graceful Valkey fallback.

- backend/middleware/sdk_protection.py: Core middleware (~750 lines)
- Admin API endpoints for score management and tier configuration
- 14 new tests (all passing)
- MkDocs documentation with clear explanations
- Screen flow and middleware dashboard updates

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 11:14:25 +01:00


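"""FastAPI entry point for the BreakPilot backend.

Builds the ``app`` instance, mounts the static asset directory, installs the
CORS and SDK-protection middleware and wires every service router. Optional
feature routers (LLM gateway, alerts agent, vast.ai) are included only when
the corresponding environment variables are set.
"""
from __future__ import annotations

import os
from pathlib import Path

from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware
from fastapi.staticfiles import StaticFiles

from middleware import SDKProtectionMiddleware
from original_service import router as original_router
from learning_units_api import router as learning_units_router
from frontend.studio import router as studio_router
from frontend.preview import router as preview_router
from frontend.school import router as school_router
from frontend.meetings import router as meetings_router
from frontend.customer import router as customer_router
from frontend.dev_admin import router as dev_admin_router
from meetings_api import router as meetings_api_router
from recording_api import router as recording_api_router
from consent_api import router as consent_router
from consent_admin_api import router as consent_admin_router
from gdpr_api import router as gdpr_router, admin_router as gdpr_admin_router
from auth_api import router as auth_router
from notification_api import router as notification_router
from deadline_api import router as deadline_router
from email_template_api import router as email_template_router, versions_router as email_template_versions_router
from dsr_api import router as dsr_router
from dsr_admin_api import router as dsr_admin_router, templates_router as dsr_templates_router
from messenger_api import router as messenger_router
from jitsi_api import router as jitsi_router
from school_api import router as school_api_router
from letters_api import router as letters_router
from certificates_api import router as certificates_router
from worksheets_api import router as worksheets_router
from correction_api import router as correction_router
from state_engine_api import router as state_engine_router
from klausur_service_proxy import router as klausur_service_router
from abitur_docs_api import router as abitur_docs_router
from rbac_api import router as rbac_router
from security_api import router as security_router
from api.tests import router as tests_registry_router
from system_api import router as system_router
from classroom_api import router as classroom_router

# LLM Gateway, Alerts Agent and GPU infra (optional, enabled via environment).
LLM_GATEWAY_ENABLED = os.getenv("LLM_GATEWAY_ENABLED", "false").lower() == "true"
ALERTS_AGENT_ENABLED = os.getenv("ALERTS_AGENT_ENABLED", "false").lower() == "true"
VAST_API_KEY = os.getenv("VAST_API_KEY")  # vast.ai routes are enabled when the API key is set


def _parse_cors_origins(raw: str | None) -> list[str]:
    """Return the CORS origin allow-list from a comma-separated string.

    Args:
        raw: Raw environment value, or ``None`` when the variable is unset.

    Returns:
        The trimmed, non-empty entries of *raw*; ``["*"]`` when *raw* is
        ``None`` or contains no usable entry, so the historical wildcard
        behaviour is kept for deployments that do not set the variable.
    """
    if raw is None:
        return ["*"]
    origins = [origin.strip() for origin in raw.split(",") if origin.strip()]
    return origins or ["*"]


# CORS_ALLOW_ORIGINS is introduced here (comma-separated list of origins).
# Unset -> "*" as before; production deployments should list the real
# frontend origins instead of the wildcard.
CORS_ALLOW_ORIGINS = _parse_cors_origins(os.getenv("CORS_ALLOW_ORIGINS"))

app = FastAPI(title="BreakPilot Backend")

# Mount the static files directory for CSS, JS and other assets (only if present).
static_dir = Path(__file__).parent / "frontend" / "static"
if static_dir.exists():
    app.mount("/static", StaticFiles(directory=str(static_dir)), name="static")

# CORS configuration for frontend access.
# NOTE(review): with the wildcard origin list and allow_credentials=True,
# Starlette's CORSMiddleware reflects the requesting Origin on credentialed
# requests, so any site can make credentialed calls against this API. Set
# CORS_ALLOW_ORIGINS to the specific frontend origins in production.
app.add_middleware(
    CORSMiddleware,
    allow_origins=CORS_ALLOW_ORIGINS,
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)

# SDK Protection Middleware (guards SDK/compliance endpoints against
# systematic enumeration).
# add_middleware() wraps outermost-last, so this layer runs *before*
# CORSMiddleware: a response it short-circuits (e.g. a throttle) carries no
# CORS headers. Presumably intended (fail closed); confirm if browser
# clients need to read such responses.
app.add_middleware(SDKProtectionMiddleware)

# Attach the individual service routers.
# All API routes get the /api prefix so the frontend can find them.
app.include_router(original_router, prefix="/api")
app.include_router(learning_units_router, prefix="/api")
app.include_router(consent_router, prefix="/api")
app.include_router(consent_admin_router, prefix="/api")
app.include_router(gdpr_router, prefix="/api")
app.include_router(gdpr_admin_router, prefix="/api")
app.include_router(auth_router, prefix="/api")
app.include_router(notification_router, prefix="/api")
app.include_router(deadline_router, prefix="/api")
app.include_router(email_template_router)  # already carries the /api prefix in the router
app.include_router(email_template_versions_router)  # already carries the /api prefix in the router

# DSR (Data Subject Requests)
app.include_router(dsr_router, prefix="/api")
app.include_router(dsr_admin_router, prefix="/api")
app.include_router(dsr_templates_router, prefix="/api")

# Frontend UI and preview endpoints (no /api prefix)
app.include_router(studio_router)
app.include_router(preview_router)
app.include_router(school_router)  # school administration frontend
app.include_router(meetings_router)  # meetings/Jitsi frontend
app.include_router(meetings_api_router)  # meetings API (already has /api/meetings prefix)
app.include_router(recording_api_router)  # recording API (already has /api/recordings prefix)
app.include_router(customer_router)  # slim customer portal (/customer, /account, /mein-konto)
app.include_router(dev_admin_router)  # developer admin frontend (/dev-admin)

# Messenger API (contacts, conversations, messages)
app.include_router(messenger_router)  # already carries the /api/messenger prefix in the router

# Jitsi API (meeting invitations by e-mail)
app.include_router(jitsi_router)  # already carries the /api/jitsi prefix in the router

# School service API proxy (forwards to school-service:8084)
app.include_router(school_api_router, prefix="/api")

# Letters API (parent letters with PDF export and GFK integration)
app.include_router(letters_router, prefix="/api")

# Certificates API (report cards with PDF export and workflow)
app.include_router(certificates_router, prefix="/api")

# Worksheets API (content generators: MC, cloze, mindmap, quiz)
app.include_router(worksheets_router, prefix="/api")

# Correction API (OCR-based class test correction)
app.include_router(correction_router, prefix="/api")

# State engine API (companion mode with phases and anticipation)
app.include_router(state_engine_router, prefix="/api")

# Klausur service proxy (forwards to klausur-service:8086)
app.include_router(klausur_service_router, prefix="/api")

# Abitur docs API (NiBiS documents, RAG preparation)
app.include_router(abitur_docs_router, prefix="/api")

# RBAC API (teacher and role management)
app.include_router(rbac_router, prefix="/api")

# Security API (DevSecOps dashboard)
app.include_router(security_router, prefix="/api")

# Test registry API (test dashboard with real-time progress)
app.include_router(tests_registry_router)  # already carries the /api/tests prefix in the router

# System API (health check, local IP for QR-code mobile upload)
app.include_router(system_router)  # paths are already defined in the router

# Classroom API (lesson control with phases and timer)
app.include_router(classroom_router, prefix="/api/classroom")

# LLM Gateway routes (optional)
if LLM_GATEWAY_ENABLED:
    from llm_gateway.routes import chat_router, playbooks_router, health_router, tools_router

    app.include_router(health_router, prefix="/llm", tags=["LLM Gateway"])
    app.include_router(chat_router, prefix="/llm/v1", tags=["LLM Gateway"])
    app.include_router(playbooks_router, prefix="/llm", tags=["LLM Gateway"])
    app.include_router(tools_router, prefix="/llm/tools", tags=["LLM Tools"])

# Alerts Agent routes (optional)
if ALERTS_AGENT_ENABLED:
    from alerts_agent.api import router as alerts_router

    app.include_router(alerts_router, prefix="/api", tags=["Alerts Agent"])

# vast.ai GPU infrastructure routes (optional; only the presence of the key is checked here)
if VAST_API_KEY:
    from infra.vast_power import router as vast_router

    app.include_router(vast_router, tags=["GPU Infrastructure"])

# EduSearch seeds API (always active - admin management of the crawler seeds)
from llm_gateway.routes.edu_search_seeds import router as edu_search_seeds_router

app.include_router(edu_search_seeds_router, prefix="/v1", tags=["EduSearch"])

# Communication API (teacher-parent communication following GFK principles)
from llm_gateway.routes.communication import router as communication_router

app.include_router(communication_router, prefix="/v1", tags=["Communication"])

# Legal crawler API (crawls school laws and legal content)
from llm_gateway.routes.legal_crawler import router as legal_crawler_router

app.include_router(legal_crawler_router, prefix="/v1", tags=["Legal Crawler"])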