Spaces:

HuggingFaceM4
/

conversation_setup

Sleeping

App Files Files Community

andito HF Staff commited on Dec 18, 2025

Commit

62b5801

verified ·

1 Parent(s): 1550f58

Update app.py

Browse files

Files changed (1) hide show

app.py +125 -7

app.py CHANGED Viewed

@@ -6,6 +6,7 @@ import threading
 import requests
 from datetime import datetime, timezone
 from typing import Dict, Optional, Tuple
 import gradio as gr
 from huggingface_hub import HfApi
@@ -18,6 +19,7 @@ HF_TOKEN = os.environ["HF_TOKEN"]          # Space secret
 OPENAI_API_KEY = os.environ["OPENAI_API_KEY"]  # Space secret
 SENT_PATH = "sent.csv"
 # Maximum keys per order = quantity * KEYS_PER_QUANTITY
 KEYS_PER_QUANTITY = 10
@@ -36,6 +38,10 @@ _cache = {
 }
 CACHE_TTL_SEC = 10.0
 # -------------------------
 # Helpers
 # -------------------------
@@ -115,6 +121,100 @@ def load_state(force: bool = False):
     _cache["sent"] = sent
     return sent
 # -------------------------
 # Core API
 # -------------------------
@@ -127,11 +227,20 @@ def claim_c_key(
     and hasn't exceeded the allowed key limit (quantity * KEYS_PER_QUANTITY).
     Returns (key, status_message)
     """
-    _ = request
     order_number = order_number.strip()
     if not order_number:
         return "", "Please provide an order number."
     with _lock:
@@ -139,7 +248,9 @@ def claim_c_key(
         # Check if order exists in sent.csv
         if order_number not in sent:
-            return "", f"Order number {order_number} not found."
         quantity = sent[order_number]["quantity"]
@@ -151,7 +262,9 @@ def claim_c_key(
         # Check if limit has been reached
         if keys_already_sent >= max_keys:
-            return "", f"Key limit reached for order {order_number} ({keys_already_sent}/{max_keys} keys sent)."
         # Check if we can reuse a recently created key
         last_key_sent = sent[order_number].get("last_key_sent", "")
@@ -166,7 +279,9 @@ def claim_c_key(
                 # If the last key was created within the reuse window, reuse it
                 if time_since_creation < KEY_REUSE_WINDOW_SECONDS:
-                    return last_key_sent, f"Reused recent key. ({keys_already_sent}/{max_keys} keys sent for this order)"
             except (ValueError, TypeError):
                 # If there's an error parsing the timestamp, create a new key
                 pass
@@ -197,7 +312,9 @@ def claim_c_key(
             ephemeral_data = response.json()
             ephemeral_key = ephemeral_data["value"]
         except Exception as e:
-            return "", f"Failed to create ephemeral key: {str(e)}"
         # Update sent.csv - store the ephemeral key and timestamp
         existing_keys = sent[order_number]["keys_sent"]
@@ -223,7 +340,9 @@ def claim_c_key(
         _cache["ts"] = 0.0
         keys_sent_count = sent[order_number]["quantity_keys_sent"]
-        return ephemeral_key, f"New ephemeral key sent successfully. ({keys_sent_count}/{max_keys} keys sent for this order)"
 # -------------------------
 # UI
@@ -245,4 +364,3 @@ with gr.Blocks(title="API") as demo:
 demo.queue()
 demo.launch()

 import requests
 from datetime import datetime, timezone
 from typing import Dict, Optional, Tuple
+from collections import defaultdict
 import gradio as gr
 from huggingface_hub import HfApi
 OPENAI_API_KEY = os.environ["OPENAI_API_KEY"]  # Space secret
 SENT_PATH = "sent.csv"
+REQUEST_LOG_PATH = "request_log.csv"
 # Maximum keys per order = quantity * KEYS_PER_QUANTITY
 KEYS_PER_QUANTITY = 10
 }
 CACHE_TTL_SEC = 10.0
+# Request tracking to identify suspicious patterns
+_request_tracker = defaultdict(list)  # {ip: [timestamps]}
+_request_log_buffer = []  # Buffer logs before writing to avoid too many uploads
 # -------------------------
 # Helpers
 # -------------------------
     _cache["sent"] = sent
     return sent
+def _log_request(
+    order_number: str,
+    ip_address: str,
+    user_agent: str,
+    success: bool,
+    message: str,
+    suspicious_flags: list,
+):
+    """Log request details for security monitoring"""
+    timestamp = _utc_now_iso()
+    log_entry = {
+        "timestamp": timestamp,
+        "ip_address": ip_address,
+        "user_agent": user_agent,
+        "order_number": order_number,
+        "success": success,
+        "message": message,
+        "suspicious_flags": "|".join(suspicious_flags) if suspicious_flags else "",
+    }
+    _request_log_buffer.append(log_entry)
+    # Flush buffer to Hub every 10 requests or if suspicious activity detected
+    if len(_request_log_buffer) >= 10 or suspicious_flags:
+        _flush_request_log()
+def _flush_request_log():
+    """Write buffered logs to the dataset repo"""
+    if not _request_log_buffer:
+        return
+    try:
+        # Download existing log
+        try:
+            log_csv = _download_csv(DATASET_REPO_ID, REQUEST_LOG_PATH)
+        except Exception:
+            # If log doesn't exist yet, create header
+            log_csv = "timestamp,ip_address,user_agent,order_number,success,message,suspicious_flags\n"
+        # Append new entries
+        out = io.StringIO()
+        out.write(log_csv)
+        fieldnames = ["timestamp", "ip_address", "user_agent", "order_number", "success", "message", "suspicious_flags"]
+        writer = csv.DictWriter(out, fieldnames=fieldnames)
+        for entry in _request_log_buffer:
+            writer.writerow(entry)
+        # Upload
+        _upload_csv(
+            DATASET_REPO_ID,
+            REQUEST_LOG_PATH,
+            out.getvalue(),
+            commit_message=f"Request log update at {_utc_now_iso()}",
+        )
+        _request_log_buffer.clear()
+    except Exception as e:
+        print(f"Warning: Failed to flush request log: {e}")
+def _check_suspicious_activity(ip_address: str, order_number: str) -> list:
+    """Check for suspicious patterns and return list of flags"""
+    flags = []
+    now = time.time()
+    # Track requests from this IP
+    _request_tracker[ip_address].append(now)
+    # Clean old entries (older than 1 hour)
+    _request_tracker[ip_address] = [
+        ts for ts in _request_tracker[ip_address]
+        if now - ts < 3600
+    ]
+    recent_requests = _request_tracker[ip_address]
+    # Flag: More than 20 requests in the last hour
+    if len(recent_requests) > 20:
+        flags.append("HIGH_FREQUENCY")
+    # Flag: More than 5 requests in the last minute
+    last_minute = [ts for ts in recent_requests if now - ts < 60]
+    if len(last_minute) > 5:
+        flags.append("RAPID_REQUESTS")
+    # Flag: More than 10 requests in the last 5 minutes
+    last_5_min = [ts for ts in recent_requests if now - ts < 300]
+    if len(last_5_min) > 10:
+        flags.append("BURST_PATTERN")
+    return flags
 # -------------------------
 # Core API
 # -------------------------
     and hasn't exceeded the allowed key limit (quantity * KEYS_PER_QUANTITY).
     Returns (key, status_message)
     """
+    # Extract request metadata
+    ip_address = "unknown"
+    user_agent = "unknown"
+    if request:
+        ip_address = request.client.host if request.client else "unknown"
+        user_agent = request.headers.get("user-agent", "unknown")
     order_number = order_number.strip()
+    # Check for suspicious activity patterns
+    suspicious_flags = _check_suspicious_activity(ip_address, order_number)
     if not order_number:
+        _log_request(order_number, ip_address, user_agent, False, "Empty order number", suspicious_flags)
         return "", "Please provide an order number."
     with _lock:
         # Check if order exists in sent.csv
         if order_number not in sent:
+            msg = f"Order number {order_number} not found."
+            _log_request(order_number, ip_address, user_agent, False, "Order not found", suspicious_flags)
+            return "", msg
         quantity = sent[order_number]["quantity"]
         # Check if limit has been reached
         if keys_already_sent >= max_keys:
+            msg = f"Key limit reached for order {order_number} ({keys_already_sent}/{max_keys} keys sent)."
+            _log_request(order_number, ip_address, user_agent, False, "Key limit reached", suspicious_flags)
+            return "", msg
         # Check if we can reuse a recently created key
         last_key_sent = sent[order_number].get("last_key_sent", "")
                 # If the last key was created within the reuse window, reuse it
                 if time_since_creation < KEY_REUSE_WINDOW_SECONDS:
+                    msg = f"Reused recent key. ({keys_already_sent}/{max_keys} keys sent for this order)"
+                    _log_request(order_number, ip_address, user_agent, True, "Key reused", suspicious_flags)
+                    return last_key_sent, msg
             except (ValueError, TypeError):
                 # If there's an error parsing the timestamp, create a new key
                 pass
             ephemeral_data = response.json()
             ephemeral_key = ephemeral_data["value"]
         except Exception as e:
+            msg = f"Failed to create ephemeral key: {str(e)}"
+            _log_request(order_number, ip_address, user_agent, False, "API error", suspicious_flags)
+            return "", msg
         # Update sent.csv - store the ephemeral key and timestamp
         existing_keys = sent[order_number]["keys_sent"]
         _cache["ts"] = 0.0
         keys_sent_count = sent[order_number]["quantity_keys_sent"]
+        msg = f"New ephemeral key sent successfully. ({keys_sent_count}/{max_keys} keys sent for this order)"
+        _log_request(order_number, ip_address, user_agent, True, "Key created", suspicious_flags)
+        return ephemeral_key, msg
 # -------------------------
 # UI
 demo.queue()
 demo.launch()