idZddlZddlmZmZddlmZmZmZddl m Z ddl m Z ddl Z ddlZddlZddlmZmZddlmZd ed efd Zd ed efd Zd ed efd ZdeddfdZdefdZy)z1Custom middleware for the DevAll workflow system.N)Callable Awaitable)Request HTTPExceptionFastAPI) JSONResponse)CORSMiddleware)get_server_loggerLogType) SecurityErrorrequest call_nextc K|jjdxsttj}||j _tj}||d{}tj|z }t}|j|jt|j||jjt|j|jr|jj nd|jjd|j#|j$|||jjd||jd<|S7w)z+Add correlation ID to requests for tracing.X-Correlation-IDNz user-agent)correlation_idpath query_params client_host user_agentzcontent-length)rcontent_length)headersgetstruuiduuid4statertimer log_requestmethodurlrdictrclienthost log_response status_code)r rr start_timeresponsedurationloggers =/Users/bowang/.openclaw/workspace/ChatDev/utils/middleware.pycorrelation_id_middlewarer+s*__(();<QDJJL@QN#1GMM Jw''Hyy{Z'H F  GKK% [[  '../+2>>GNN''t??&&|4 %''++,<= ,:H'( O3(sA+E6-E3.DE6c K|jjjdrv|jdvrh|jj ddj }|jds-|jdk7r|jds tdd |jj}d |vsd |vrttjd |r^t}|jdd|t|jdttj tdd ||d{}|S7w)z)Security middleware to validate requests.z/api/)POSTPUTPATCHz content-typezapplication/jsonGETzmultipart/form-dataiz7Content-Type must be application/json for API endpoints)r%detailz..z./z(\.{2}[/\\])|([/\\]\.{2})PATH_TRAVERSAL_ATTEMPTzSuspicious path detected: r)rz Invalid pathN)r r startswithrrrlowerrresearchr log_security_eventgetattrrrrr)r r content_typerr)r's r*security_middlewarer;2s{{""7+BZ0Z**>2>DDF &&'9:w~~QV?V**+@A# #T ;;  D t|tt| 9914 8&(F  % %(,TF3&w}}6FDJJLHYZ &   CG Gw''H O(sD9E;E<Ec2K||d{}|S7w)z0Rate limiting middleware (basic implementation).N)r rr's r*rate_limit_middlewarer>Qs w''H O(s appreturnc  ddg}tjd}|r@|jdDcgc]#}|js|j%}}d}n|}d}|j t ||ddgdgd gd ycc}w) z%Configure and attach CORS middleware.zhttp://localhost:5173zhttp://127.0.0.1:5173CORS_ALLOW_ORIGINS,Nz*^https?://(localhost|127\.0\.0\.1)(:\d+)?$T*riX) allow_originsallow_origin_regexallow_credentials allow_methods allow_headersexpose_headersmax_age)osgetenvsplitstripadd_middlewarer )r?default_origins env_originsoorigins origin_regexs r*add_cors_middlewarerVZs O))01K&1&7&7&<J&< 1779&<J !D 'ee*+ Ks BBct||jdt|jdt|S)z.Add all middleware to the FastAPI application.http)rV middlewarer+r;)r?s r*rPrPvs=CNN645CNN6./ J)__doc__rtypingrrfastapirrrfastapi.responsesrfastapi.middleware.corsr rr6rLutils.structured_loggerr r utils.exceptionsr r+r;r>rVrPr=rZr*rbs7 &33*2 >*WDw8>XW8  rZ