import re
from fastapi import FastAPI, Request, HTTPException
from fastapi.responses import JSONResponse
from fastapi.middleware.cors import CORSMiddleware
from slowapi import Limiter
from slowapi.util import get_remote_address
from slowapi.errors import RateLimitExceeded
# Importamos los módulos de tus endpoints originales
from app.api.endpoints import session, attack
# Rate limiter whose bucket key is whatever get_remote_address returns for the
# request.
# NOTE(review): behind a reverse proxy that address may be the proxy's own,
# which would put every client in one bucket -- confirm how the deployment
# forwards the real client IP.
limiter = Limiter(key_func=get_remote_address)

# NOTE(review): the description string contains a mis-encoded dash; it is kept
# as-is here because it is runtime text shown in the generated API docs.
app = FastAPI(
    title="DECI - Vertex Coders Core",
    version="0.1.0-sprint1",
    description="PoH Engine β€” Decentralized Cognitive Identity",
)

# Publish the limiter on application state so slowapi can find it.
# NOTE(review): no per-route limits are declared in this file; presumably the
# routers apply them -- verify, otherwise nothing is actually rate-limited.
app.state.limiter = limiter
# Manejador global de exceso de peticiones (429)
@app.exception_handler(RateLimitExceeded)
async def custom_rate_limit_handler(request: Request, exc: RateLimitExceeded):
    """Turn a slowapi ``RateLimitExceeded`` into a JSON 429 response.

    NOTE(review): ``retry_after`` is filled with ``exc.detail`` unchanged. In
    slowapi that value appears to be the limit description rather than a wait
    time -- confirm before clients rely on it. No ``Retry-After`` header is
    set by this handler.
    """
    payload = {
        "detail": "Too many requests. Vertex Security rate-limit triggered.",
        "retry_after": exc.detail,
    }
    return JSONResponse(status_code=429, content=payload)
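# ── CORS CONFIGURATION ──────────────────────────────────────────────────────
# Wildcard origins are kept, but credentials are switched off. With
# allow_origins=["*"] and allow_credentials=True, Starlette's CORSMiddleware
# answers credentialed requests by echoing the caller's Origin, so any website
# could read authenticated responses from a logged-in user's browser.
# To support cookies, replace "*" with an explicit list of trusted origins and
# only then set allow_credentials=True.
app.add_middleware(
    CORSMiddleware,
    allow_origins=["*"],
    allow_credentials=False,
    allow_methods=["*"],
    allow_headers=["*"],
)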
# ── MIDDLEWARE DE DEFENSA POLÍGLOTA (Vertex Security Layer) ──────────────────
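@app.middleware("http")
async def polyglot_defense_middleware(request: Request, call_next):
    """Reject POSTs to session paths whose body matches a blocklisted pattern.

    Only requests with method POST and a URL path containing ``"session"`` are
    inspected; everything else is passed straight to ``call_next``. A match
    returns a JSON 403 without calling the route.

    This is a coarse tripwire, not input validation: it matches the raw,
    lower-cased body text only and does not normalise JSON escapes or other
    encodings, and patterns such as ``0x...`` and ``----`` can also match
    benign payloads. The whole body is read into memory with no size cap
    (NOTE(review): confirm a limit is enforced upstream).
    """
    suspicious_patterns = [r"ostende", r"secretum", r"0x[0-9a-fA-F]+", r"----"]
    if request.method == "POST" and "session" in request.url.path:
        body = await request.body()
        # errors="replace": a body that is not valid UTF-8 must not raise
        # UnicodeDecodeError here and turn into an unhandled 500.
        content = body.decode("utf-8", errors="replace").lower()
        for pattern in suspicious_patterns:
            if re.search(pattern, content):
                # Only the pattern is logged, never request content.
                print(f"🚨 [DEFENSE] Vertex Security bloqueó patrón: {pattern}")
                # Return the response directly. An HTTPException raised inside
                # an @app.middleware function is not seen by FastAPI's
                # exception handlers and reaches the client as a 500.
                # NOTE(review): this middleware is registered after
                # CORSMiddleware and so appears to sit outside it; the 403
                # would then carry no CORS headers -- confirm for browser use.
                return JSONResponse(
                    status_code=403,
                    content={"detail": "Vertex Security: Pattern Blocked"},
                )

        # The body stream has been consumed above; replay the cached bytes so
        # the downstream route can still read the request body.
        async def receive():
            return {"type": "http.request", "body": body}

        request._receive = receive
    return await call_next(request)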
# ── ROUTER REGISTRATION ─────────────────────────────────────────────────────
# polyglot_defense_middleware only inspects paths containing "session";
# requests under /attack are not body-filtered by it.
app.include_router(
    session.router,
    prefix="/session",
    tags=["Session"],
)
app.include_router(
    attack.router,
    prefix="/attack",
    tags=["Attack"],
)
# ── ENDPOINTS DE CONTROL ──────────────────────────────────────────────────────
@app.get("/")
async def root():
    """Return static service metadata for the landing route.

    All values are literals; the version string is written out here rather
    than read from the FastAPI app object.
    """
    service_info = {
        "service": "DECI PoH Engine",
        "version": "0.1.0-sprint1",
        "status": "operational",
        "company": "Vertex Coders LLC",
    }
    return service_info
@app.get("/health")
async def health():
    """Return a fixed status payload.

    NOTE(review): all three values are constants. Nothing here probes the
    vault or any other dependency, so a 200 from this route shows only that
    the process is serving requests.
    """
    status_report = {
        "api": "ok",
        "vault": "ok",
        "shadow_mode": True,
    }
    return status_report