step 9 complete: auth middleware, tier-aware rate limiter, and response sanitizer

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-02 22:18:17 +01:00
parent 4c4df7335a
commit 3e07fff958
8 changed files with 661 additions and 44 deletions

@@ -331,14 +331,14 @@ adiuva-api/
### Step 9 — Middleware
#### 9a — Auth middleware
- [ ] `app/api/middleware/auth.py`:
- [x] `app/api/middleware/auth.py`:
- FastAPI dependency: `get_current_user(token: str = Depends(oauth2_scheme)) -> UserProfile`
- Validates JWT signature, expiry, extracts `user_id` and `tier`
- Raises `401` on invalid/expired token
- Exempt routes: `/api/v1/auth/register`, `/api/v1/auth/login`, `/api/v1/billing/webhook`
#### 9b — Rate limiter
- [ ] `app/api/middleware/rate_limit.py`:
- [x] `app/api/middleware/rate_limit.py`:
- Uses `slowapi` with `Limiter(key_func=get_user_id_from_jwt)`
- Tier-based limits:
- Free: 20 req/min
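Review bot: the exempt-routes line under 9a lists `/api/v1/billing/webhook` as bypassing JWT auth, but the checklist does not say what authenticates that route instead; with no JWT check, anything that can reach the endpoint can post a webhook body, so the item should state that the billing provider's webhook signature is verified before the payload is processed. Related, in 9b the limiter is keyed by `get_user_id_from_jwt`, yet the two other exempt routes (`/api/v1/auth/register`, `/api/v1/auth/login`) carry no JWT at all; the item should document the fallback key (for example client address) and limit applied there, and should confirm that the key function either reuses the user already validated by `get_current_user` or verifies the signature itself, since a key taken from unverified claims lets the caller pick its own rate-limit bucket.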
@@ -348,7 +348,7 @@ adiuva-api/
- Custom 429 response with `Retry-After` header
#### 9c — Sanitizer
- [ ] `app/api/middleware/sanitizer.py`:
- [x] `app/api/middleware/sanitizer.py`:
- Response middleware that scans response bodies
- Strips: system prompt fragments, agent internal reasoning, tool schemas, routing metadata
- Pattern-based detection + exact match against known prompt fingerprints
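Review bot: a sanitizer that silently strips matched fragments hides a prompt leak without surfacing it; the 9c item should also record a log event or metric whenever a pattern or fingerprint match fires, so the upstream cause gets fixed rather than masked. Two smaller gaps in the same item: it does not say where the "known prompt fingerprints" live or how they are refreshed when the system prompt or tool schemas change (a stale list matches nothing), and "scans response bodies" leaves open whether streamed responses are covered or only buffered ones; a one-line note on each would make the checkbox verifiable.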