SPDT/sapl - sapl - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
Edward Ribeiro	a9416f5ad2	Phase 7: HTTP conditional requests, static caching, nginx cleanup - ConditionalGetMiddleware added to MIDDLEWARE (ETag/304 for all views) - @condition(etag_func, last_modified_func) on MateriaLegislativa and NormaJuridica detail views — skips view execution on cache hit via data_ultima_atualizacao (auto_now=True) as freshness signal - nginx /static/: expires 90m + Cache-Control public, max-age=5400 - nginx: removed upload-endpoint special-casing (location ~* ^/(protocoloadm/criar-protocolo\|...)) - plan/RATE-LIMITER-PLAN.md updated to reflect all Phase 7 changes Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2 weeks ago
Edward Ribeiro	64c9b241fa	Phase 5: X-Accel-Redirect for /media/, UA Redis deny list, per-path counters nginx: - /media/ proxied through Gunicorn (sapl_general rate limit) instead of direct alias — Django middleware now runs on every media request - /_accel/media/ internal location serves file bytes via X-Accel-Redirect sapl/base/media.py (new): - serve_media() gate: path traversal guard, auth redirect for documentos_privados/, per-path Redis counter, content-type metadata cache, X-Accel-Redirect response; falls back to Django serve() in DEBUG sapl/middleware/ratelimit.py: - RL_PATH_REQUESTS, RL_UA_BLOCKLIST, FILE_META_KEY constants - _incr_with_ttl() extracted to module level (reused by media.py) - Runtime UA deny list: _refresh_ua_blocklist() fetches rl:bot:ua:blocked SET from Redis (SMEMBERS, cached per worker, TTL=RATE_LIMITER_UA_BLOCKLIST_REFRESH); _is_redis_blocked_ua() tokenises UA and checks sha256 of each token sapl/settings.py: - RATE_LIMITER_UA_BLOCKLIST_REFRESH, MEDIA_PATH_COUNTER_TTL, MEDIA_FILE_CACHE_TTL added (all env-tunable via config()) plan/RATE_LIMITER_PLAN.md: - Key schema table updated; media file serving section added; decision flow documented; UA deny list seed section expanded Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	3 weeks ago
Edward Ribeiro	eaf4a8405a	Phase 0 hardening: nginx GeoIP2, rate limits, Gunicorn tuning, N+1 fix - nginx: sendfile on, tcp_nopush, reduced keepalive/proxy timeouts - nginx: GeoIP2 ASN-based bot blocking (cloud providers + known scrapers) - nginx: UA blocklist (GPTBot, ClaudeBot, Chrome/98.0.4758 impersonator, etc.) - nginx: rate-limit zones (30r/m general, 10r/m heavy/relatorios), 429/500 error pages - nginx: proper ETags + Cache-Control on /media/ to stop 30GB logo re-transfers - Dockerfile: install libnginx-mod-http-geoip2; download GeoLite2-ASN.mmdb via BuildKit secret (key never baked into image layers); ARG GEOIP_CACHE_BUST for forced re-download without --no-cache - Gunicorn: workers 3->2, threads 8->4, timeout 300->120, max_memory 300->400MB - Django: FILE_UPLOAD_MAX_MEMORY_SIZE=2MB, FILE_UPLOAD_TEMP_DIR for large uploads - relatorios/views.py: fix N+1 in get_etiqueta_protocolos with bulk-fetch MateriaLegislativa + DocumentoAdministrativo using select_related + dict lookups - Add robots.txt, 429.html, 500.html static pages - docker-compose.yaml: use sapl:local for local dev - docker/README.md: build instructions with MAXMIND_LICENSE_KEY - rate-limiter-v2.md: canonical planning document (Architecture through Phase 5) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	3 weeks ago
Edward Ribeiro	592d23e3e3	Adiciona requestId em requisições continuous-integration/drone/push Build is passing Details	4 months ago
Edward Ribeiro	3faba84bc8	Fix recibo proposição e adiciona rate limiter em matéria e norma continuous-integration/drone/push Build is passing Details	8 months ago
Edward Ribeiro	33d76e3715	HOT-FIX: conserta CORS' preflight steps in browser continuous-integration/drone/push Build is passing Details	4 years ago
Leandro Roberto	50b0ec83a9	Ajuste de configuração sapl.conf com CORs	5 years ago
Edward Ribeiro	c4720db576	Habilita acesso cross-domain na API	5 years ago
Edward	c5a2d97443	Refatora arquivos Docker (#3264 ) * Refatora arquivos Docker * Conserta runtime * Retorna CI antigo Co-authored-by: eribeiro <edwardr@senado.leg.br>	6 years ago
Edward	96ce98f29d	Docker sapl 2 (#1023 ) * Adiciona dDocker baseado em Alpine-Python3 com Ngnix e Gunicorn * Atualiza docker-compose com gunicorn, ngnix e postgres * Ajusta gitignore para ignorar postgres-data * Adiciona script bash para conexao ao banco * Ajusta busy-wait.sh script para sincronizar o banco(postgres) com a aplicação django no docker * Add alias to sapldb * Refazer Dockerfile * Ajusta Dockerfile e docker-compose com entrypoint start.sh * Ajusta start.sh * Adiciona mais pontos de montagem. * Coloca start.sh como executável: chmod +x start.sh * Remove arquivo lixo * Substitui gen-env.py por shell script puro * Ajusta diretorio /var/interlegis/sapl e collect_static como volume no nginix * Simplifica criação de diretórios. * Adiciona ponto de montagem em postgres para importar dados * Adiciona mais parâmetros de ambiente UNIX para entrypoint docker	9 years ago
Edward Ribeiro	3a88bbba8d	Revertendo a alteração do Dockerfile.	9 years ago
Matheus Veleci dos Santos	c4eea181fb	Ajusta Docker do SAPL com NGINX e GUNICORN. (#997 ) * Adiciona Docker baseado em Alpine-Python3 com Ngnix e Gunicorn * Atualiza docker-compose com gunicorn, ngnix e postgres * Ajusta gitignore para ignorar postgres-data * Adiciona script bash para conexao ao banco * Ajusta busy-wait.sh script para sincronizar o banco(postgres) com a aplicação django no docker * Add alias to sapldb	9 years ago

9 Commits (f838a71d05f21ccef5744829303a22aa751d040e)