llmproxy/backend/schemas.py
Oliver Hofmann bf694b79e2 Fix critical/high security and correctness issues from code review
Critical (all fixed):
- bcrypt statt SHA-256 für Passwörter
- API-Keys gehasht in DB, Plaintext nur einmalig zurückgegeben
- DB-Session-Leak behoben (SessionLocal + try/finally, Depends(get_db))
- Admin-Check via is_admin-Spalte statt Hardcoded-Username
- CORS: konfigurierbare Origins via ALLOWED_ORIGINS, kein Wildcard mit Credentials

High (all fixed):
- TOCTOU-Race: check_and_increment_quota mit SELECT FOR UPDATE atomar
- Getrennte Tages-/Monatszähler in Usage + automatische Reset-Logik
- Token-Zählung mit tiktoken (cl100k_base) statt .split()

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-27 21:34:17 +02:00


from pydantic import BaseModel
from datetime import datetime
from typing import Optional
class UserBase(BaseModel):
    """Fields shared by every user schema (request and response)."""

    username: str
    email: str
    # Non-admin unless explicitly set. Inherited by UserCreate, so it is part
    # of the user-creation request body as well as the response model.
    is_admin: bool = False
class UserCreate(UserBase):
    """Request body for creating a user: the shared fields plus a password."""

    # NOTE(review): via UserBase this schema also accepts `is_admin`, so a
    # create request can ask for an admin account — confirm the create
    # endpoint either restricts this to admin callers or ignores the field.
    password: str
class User(UserBase):
    """Response model for a stored user (no password field)."""

    id: int
    is_active: bool
    created_at: datetime

    class Config:
        # Allow building the model from attribute access on an object
        # (e.g. an ORM row) rather than only from a dict.
        from_attributes = True
class APIKeyBase(BaseModel):
    """Fields shared by every API-key schema."""

    # Human-readable label for the key; not the secret itself.
    name: str
class APIKeyCreate(APIKeyBase):
    """Request body for creating an API key."""

    # NOTE(review): the caller names the owning user here — confirm the
    # endpoint checks that the caller may create keys for that user_id.
    user_id: int
class APIKey(APIKeyBase):
    """Response model for a stored API key."""

    id: int
    # NOTE(review): per the commit, keys are stored hashed and the plaintext
    # is handed out only once (see APIKeyCreated.plaintext_key), so this is
    # presumably the stored hash or a display prefix — confirm which. If it
    # is the hash, consider whether list/get responses need to expose it.
    key: str
    user_id: int
    is_active: bool
    created_at: datetime

    class Config:
        # Allow building the model from attribute access on an object
        # (e.g. an ORM row) rather than only from a dict.
        from_attributes = True
class APIKeyCreated(APIKey):
    """Response model returned once, at key creation, carrying the plaintext.

    The commit message states the plaintext is not stored and is returned
    only at creation time; this schema should therefore be used only as the
    create endpoint's response model — NOTE(review): confirm no list/get
    endpoint uses it.
    """

    plaintext_key: str

    class Config:
        from_attributes = True
class QuotaBase(BaseModel):
    """Per-user limits on tokens and requests, by day and by month.

    All limits are optional; presumably None means "no limit" for that
    dimension — NOTE(review): confirm against the quota-check logic.
    """

    daily_tokens: Optional[int] = None
    monthly_tokens: Optional[int] = None
    daily_requests: Optional[int] = None
    monthly_requests: Optional[int] = None
class QuotaCreate(QuotaBase):
    """Request body for creating a quota for a given user."""

    # NOTE(review): the caller names the target user — confirm the endpoint
    # restricts quota creation to authorized (admin) callers.
    user_id: int
class Quota(QuotaBase):
    """Response model for a stored quota."""

    id: int
    user_id: int
    # Next reset time, if one is scheduled; semantics of a missing value
    # are not visible here.
    reset_at: Optional[datetime] = None

    class Config:
        # Allow building the model from attribute access on an object
        # (e.g. an ORM row) rather than only from a dict.
        from_attributes = True
class UsageStats(BaseModel):
    """Current consumption counters for a user.

    Daily and monthly counters are tracked separately (the commit message
    mentions separate counters with automatic reset), each with its own
    reset timestamp.
    """

    tokens_used_today: int = 0
    tokens_used_month: int = 0
    requests_today: int = 0
    requests_month: int = 0
    daily_reset_at: Optional[datetime] = None
    monthly_reset_at: Optional[datetime] = None

    class Config:
        # Allow building the model from attribute access on an object
        # (e.g. an ORM row) rather than only from a dict.
        from_attributes = True