Adapt Cloudflare Web Security

[Masterain98]

No description provided.

[dgp-bot]

Introducing Cloudflare Security Tools

This pull request by Masterain introduces and integrates Cloudflare security tools into the FastAPI application.

Changes by feature

• Cloudflare Security Utils Integration:

  • Adds a submodule for cloudflare_security_utils from https://github.com/DGP-Studio/cloudflare-api-security.git.
  • Syncs the submodule to the latest commits.

• Refactor: Client Verification

  • Removes validate_client_is_updated from utils/dgp_utils.py and integrates its functionality within the cloudflare_security_utils.
  • Migrates mgnt router to cloudflare_security_utils, remove routers/mgnt.py

• Client Feature Router Security:

  • Integrates enhanced_safety_check from cloudflare_security_utils as a dependency for the client_feature router endpoints (china_router, global_router, fujian_router). This check is applied to the GET requests for file paths.
  • Refactors the client_feature handlers to return safety_check as RedirectResponse if applicable.

Key Change Highlights

• Submodule Inclusion: The addition of the cloudflare_security_utils submodule brings in external security measures. This is a critical addition as it centralizes security-related functionalities.
• Dependency Injection for Security: The enhanced_safety_check is now a dependency for the client feature endpoints. This means that every request to these endpoints will undergo a security check before being processed. This could affect the performance and behavior of these endpoints, as all requests will now be validated against the security policies defined in the submodule.
• Configuration Changes:
  • The SERVER_TYPE variable in config.py is now lowercased for comparison, ensuring consistency.
  • The IS_DEBUG flag is determined based on whether "alpha" or "dev" is in the SERVER_TYPE string.

Suggested Test Methods

• API Endpoint Tests for Client Feature Router:
  • Verify that the enhanced_safety_check dependency is correctly applied to all endpoints in the client_feature router.
  • Test different scenarios (e.g., valid vs. invalid requests) to ensure that the security checks work as expected and return the correct responses (either processing the request or redirecting).
• Submodule Integration Tests:
  • Ensure the cloudflare_security_utils submodule is correctly initialized and updated.
  • Verify that the functions within the submodule (e.g., enhanced_safety_check) are functioning as expected.
• Configuration Tests:
  • Confirm that the IS_DEBUG flag is correctly set based on the SERVER_TYPE environment variable.
  • Test the application in different environments (e.g., development, alpha, production) to ensure that the configuration is correctly loaded and applied.

[qhy040404]