Rate Limiting

.dockerignore

@@ -0,0 +1,112 @@
+# Git files
+.git
+.gitignore
+
+# Environment and configuration files
+.env
+.env.*
+*.env
+apimanager/apimanager/local_settings.py
+
+# IDE and editor files
+.idea/
+.vscode/
+*.swp
+*.swo
+*~
+.DS_Store
+API-Manager.iml
+
+# Python cache and build artifacts
+__pycache__/
+*.pyc
+*.pyo
+*.pyd
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# Virtual environments
+venv/
+env/
+ENV/
+.venv/
+
+# Testing and coverage
+.coverage
+.pytest_cache/
+htmlcov/
+.tox/
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+
+# Logs
+*.log
+logs/
+*.log.*
+
+# Database files
+*.db
+*.sqlite3
+db/
+
+# Temporary files
+*.tmp
+*.temp
+tmp/
+temp/
+
+# OS files
+Thumbs.db
+.DS_Store
+
+# Documentation build
+docs/_build/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# Node modules (if any)
+node_modules/
+
+# Rope project settings
+.ropeproject/
+
+# Development and deployment files
+docker-compose*.yml
+Dockerfile*
+.dockerignore
+nginx*.conf
+supervisor*.conf
+*.service
+
+# Backup files
+*.bak
+*.backup
+
+# Security and certificate files
+*.pem
+*.key
+*.crt
+*.cert
+*.p12
+*.pfx
+
+# Local development files
+cookies.txt

.zed/settings.json

@@ -0,0 +1,5 @@
+{
+  "format_on_save": "off",
+  "remove_trailing_whitespace_on_save": false,
+  "ensure_final_newline_on_save": false
+}

Dockerfile

@@ -1,10 +1,22 @@
 FROM python:3.10
-COPY . /app
+
+# Create non-root user
+RUN groupadd --gid 1000 appuser \
+    && useradd --uid 1000 --gid appuser --shell /bin/bash --create-home appuser
+
+COPY requirements.txt /app/
+COPY apimanager/ /app/apimanager/
+COPY static/ /app/static/
+COPY gunicorn.conf.py /app/gunicorn.conf.py
 COPY .github/local_settings_container.py /app/apimanager/apimanager/local_settings.py
-COPY .github/gunicorn.conf.py /app/gunicorn.conf.py
 RUN pip install -r /app/requirements.txt
 WORKDIR /app
 RUN ./apimanager/manage.py migrate
+
+# Set proper ownership and switch to non-root user
+RUN chown -R appuser:appuser /app
+USER appuser
+
 WORKDIR /app/apimanager
 EXPOSE 8000
 CMD ["gunicorn", "--bind", ":8000", "--config", "../gunicorn.conf.py", "apimanager.wsgi"]

apimanager/apimanager/settings.py

@@ -332,11 +332,13 @@
 # DO NOT TRY TO DO SO YOU WILL BE IGNORED!
 OBPv500 = API_HOST + '/obp/v5.0.0'
 OBPv510 = API_HOST + '/obp/v5.1.0'
+OBPv600 = API_HOST + '/obp/v6.0.0'
 
 # API Versions
 API_VERSION = {
     "v500": OBPv500,
-    "v510": OBPv510
+    "v510": OBPv510,
+    "v600": OBPv600
 }
 # For some reason, swagger is not available at the latest API version
 #API_URL_SWAGGER = API_HOST + '/obp/v1.4.0/resource-docs/v' + 5.1.0 + '/swagger'  # noqa

apimanager/base/context_processors.py

@@ -13,7 +13,7 @@
 
 def api_version_processor(request):
     """Returns the configured API_VERSION"""
-    return {'API_VERSION': settings.API_VERSION['v500']}
+    return {'API_VERSION': settings.API_VERSION['v510']}
 
 
 def portal_page(request):
@@ -82,7 +82,7 @@ def api_user_id(request):
     """Returns the API user id of the logged-in user"""
     user_id = 'not authenticated'
     get_current_user_api_url = USER_CURRENT
-    #Here we can not get the user from obp-api side, so we use the django auth user id here. 
+    #Here we can not get the user from obp-api side, so we use the django auth user id here.
     cache_key_django_user_id = request.session._session.get('_auth_user_id')
     cache_key = '{},{},{}'.format('api_user_id',get_current_user_api_url, cache_key_django_user_id)
     apicaches=None
@@ -112,4 +112,3 @@ def api_tester_url(request):
     """Returns the URL to the API Tester for the API instance"""
     url = getattr(settings, 'API_TESTER_URL', None)
     return {'API_TESTER_URL': url}
-

apimanager/base/templates/home.html

@@ -1,73 +1,95 @@
-{% extends 'base.html' %}
-{% load i18n %}
-{% block content %}
+{% extends 'base.html' %} {% load i18n %} {% block content %}
 <div class="home">
-	<h1>{% trans "Welcome to API Manager" %}</h1>
-	<div class="well" id="intro">
-		{% if not user.is_authenticated %}
-		<p>
-			{% trans "API Manager allows you to manage some aspects of the OBP instance at " %} <a href="{{ API_HOST }}">{{ API_HOST }}</a>. {% trans "You have to " %} <a href="{{ API_HOST }}" title="Login at {{ API_HOST }}"> {% trans "login" %} </a> {% trans "or" %} <a href="{{ API_HOST }}/user_mgt/sign_up" title="Register at {{ API_HOST }}"> {% trans "register" %} </a> {% trans "an account before being able to proceed" %}.{% trans "Your access is limited by the Entitlements you have." %}
-		</p>
-		{% else %}
-		<p>
-			{% trans "API Manager allows you to manage some aspects of the OBP instance at " %} <a href="{{ API_HOST }}">{{ API_HOST }}</a>.
-		</p>
-		{% endif %}
-	</div>
-	{% if not user.is_authenticated %}
-	<div id="login">
-		<label for="authentication-select"><h2>{% trans "Authenticate" %}</h2></label>
-		<div class="row">
-			<div class="col-xs-12 col-sm-3">
-				<select class="form-control" id="authentication-select">
-					<option value="">{% trans "Choose ..." %}</option>
-					<option value="oauth">OAuth 1/OpenID Connect</option>
-					 {% if ALLOW_DIRECT_LOGIN %}
-					<option value="directlogin" >DirectLogin</option>
-					{% endif %}
-					{% if ALLOW_GATEWAY_LOGIN %}
-					<option value="gatewaylogin" >GatewayLogin</option>
-					{% endif %}
- 				</select>
-			</div>
-
-			<div class="col-xs-12 col-sm-9">
-				<div class="authentication-method" id="authenticate-oauth">
-					<a class="btn btn-primary" href="{% url 'oauth-initiate' %}{% if request.GET.next %}?next={{ request.GET.next }}{% endif %}">{% trans "Proceed to authentication server" %}</a>
-				</div>
-				<div class="authentication-method" id="authenticate-directlogin">
-					<form action="{% url 'directlogin' %}" method="post">
-						{% csrf_token %}
-						<div class="form-group">
-							<label for="username">Username:</label>
-							{{ directlogin_form.username }}
-						</div>
-						<div class="form-group">
-							<label for="password">Password:</label>
-							{{ directlogin_form.password }}
-						</div>
-						<button class="btn btn-primary">Login</button>
-					</form>
-				</div>
-				<div class="authentication-method" id="authenticate-gatewaylogin">
-					<form action="{% url 'gatewaylogin' %}" method="post">
-						{% csrf_token %}
-						<div class="form-group">
-							<label for="username">Username:</label>
-							{{ gatewaylogin_form.username }}
-						</div>
-						<div class="form-group">
-							<label for="secret">Secret:</label>
-							{{ gatewaylogin_form.secret }}
-						</div>
-						<button class="btn btn-primary">Login</button>
-					</form>
-
-				</div>
-			</div>
-		</div>
-	</div>
-	{% endif %}
+    <h1>{% trans "Welcome to API Manager" %}</h1>
+    <div class="well" id="intro">
+        {% if not user.is_authenticated %}
+        <p>
+            {% trans "API Manager allows you to manage some aspects of the OBP
+            instance at " %} <a href="{{ API_HOST }}">{{ API_HOST }}</a>. {%
+            trans "You have to " %}
+            <a href="{{ API_HOST }}" title="Login at {{ API_HOST }}">
+                {% trans "login" %}
+            </a>
+            {% trans "or" %}
+            <a
+                href="{{ API_HOST }}/user_mgt/sign_up"
+                title="Register at {{ API_HOST }}"
+            >
+                {% trans "register" %}
+            </a>
+            {% trans "an account before being able to proceed" %}.{% trans "Your
+            access is limited by the Entitlements you have." %}
+        </p>
+        {% else %}
+        <p>
+            {% trans "API Manager allows you to manage some aspects of the OBP
+            instance at " %} <a href="{{ API_HOST }}">{{ API_HOST }}</a>.
+        </p>
+        {% endif %}
+    </div>
+    {% if not user.is_authenticated %}
+    <div id="login">
+        <label for="authentication-select"
+            ><h2>{% trans "Authenticate" %}</h2></label
+        >
+        <div class="row">
+            <div class="col-xs-12 col-sm-3">
+                <select class="form-control" id="authentication-select">
+                    <option value="">{% trans "Choose ..." %}</option>
+                    <option value="oauth">OAuth 1/OpenID Connect</option>
+                    {% if ALLOW_DIRECT_LOGIN %}
+                    <option value="directlogin">DirectLogin</option>
+                    {% endif %} {% if ALLOW_GATEWAY_LOGIN %}
+                    <option value="gatewaylogin">GatewayLogin</option>
+                    {% endif %}
+                </select>
+            </div>
 
+            <div class="col-xs-12 col-sm-9">
+                <div class="authentication-method" id="authenticate-oauth">
+                    <a
+                        class="btn btn-primary"
+                        href="{% url 'oauth-initiate' %}{% if request.GET.next %}?next={{ request.GET.next }}{% endif %}"
+                        >{% trans "Proceed to authentication server" %}</a
+                    >
+                </div>
+                <div
+                    class="authentication-method"
+                    id="authenticate-directlogin"
+                >
+                    <form action="{% url 'directlogin' %}" method="post">
+                        {% csrf_token %}
+                        <div class="form-group">
+                            <label for="username">Username:</label>
+                            {{ directlogin_form.username }}
+                        </div>
+                        <div class="form-group">
+                            <label for="password">Password:</label>
+                            {{ directlogin_form.password }}
+                        </div>
+                        <button class="btn btn-primary">Login</button>
+                    </form>
+                </div>
+                <div
+                    class="authentication-method"
+                    id="authenticate-gatewaylogin"
+                >
+                    <form action="{% url 'gatewaylogin' %}" method="post">
+                        {% csrf_token %}
+                        <div class="form-group">
+                            <label for="username">Username:</label>
+                            {{ gatewaylogin_form.username }}
+                        </div>
+                        <div class="form-group">
+                            <label for="secret">Secret:</label>
+                            {{ gatewaylogin_form.secret }}
+                        </div>
+                        <button class="btn btn-primary">Login</button>
+                    </form>
+                </div>
+            </div>
+        </div>
+    </div>
+    {% endif %}
 </div>
 {% endblock %}