Fix encryption: support direct RSA-OAEP and hybrid RSA+AES-GCM modes

app.py

@@ -6,8 +6,9 @@ decrypting it, and storing in SQLite database.
 """
 import logging
 from contextlib import asynccontextmanager
-from typing import Optional
+from typing import Optional, Tuple
 
+import httpx
 from fastapi import FastAPI, Query, Request, Depends, HTTPException, status
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.responses import JSONResponse, HTMLResponse
@@ -29,6 +30,40 @@ logger = logging.getLogger(__name__)
 # User ID length constant
 USER_ID_LENGTH = 20
 
+# Geolocation API settings
+GEOLOCATION_API_URL = "http://ip-api.com/json/{ip}?fields=status,country,regionName"
+GEOLOCATION_TIMEOUT = 2.0  # seconds
+
+
+async def get_geolocation(ip_address: str) -> Tuple[Optional[str], Optional[str]]:
+    """
+    Get country and region for an IP address using ip-api.com.
+    
+    Args:
+        ip_address: IPv4 or IPv6 address
+        
+    Returns:
+        Tuple of (country, region) or (None, None) if lookup fails
+    """
+    if not ip_address:
+        return None, None
+    
+    # Skip geolocation for localhost/private IPs
+    if ip_address in ("127.0.0.1", "::1", "localhost") or ip_address.startswith(("192.168.", "10.", "172.")):
+        return None, None
+    
+    try:
+        async with httpx.AsyncClient(timeout=GEOLOCATION_TIMEOUT) as client:
+            response = await client.get(GEOLOCATION_API_URL.format(ip=ip_address))
+            if response.status_code == 200:
+                data = response.json()
+                if data.get("status") == "success":
+                    return data.get("country"), data.get("regionName")
+    except Exception as e:
+        logger.warning(f"Geolocation lookup failed for {ip_address}: {e}")
+    
+    return None, None
+
 
 @asynccontextmanager
 async def lifespan(app: FastAPI):
@@ -123,6 +158,8 @@ async def get_data(
                     "user_id": item.user_id,
                     "refer_url": item.refer_url,
                     "ip_address": item.ip_address,
+                    "country": item.country,
+                    "region": item.region,
                     "json_data": item.json_data,
                     "created_at": item.created_at.isoformat() if item.created_at else None
                 }
@@ -202,6 +239,9 @@ async def blink(
             # Fall back to direct client IP
             ip_address = request.client.host if request.client else None
         
+        # Get geolocation from IP address
+        country, region = await get_geolocation(ip_address)
+        
         # Store each decrypted result as separate records
         records_created = 0
         for json_data in decrypted_results:
@@ -209,6 +249,8 @@ async def blink(
                 user_id=user_id,
                 refer_url=refer_url,
                 ip_address=ip_address,
+                country=country,
+                region=region,
                 json_data=json_data
             )
             db.add(blink_record)
@@ -220,6 +262,8 @@ async def blink(
                 user_id=user_id,
                 refer_url=refer_url,
                 ip_address=ip_address,
+                country=country,
+                region=region,
                 json_data={"encrypted_length": len(encrypted_data)}
             )
             db.add(blink_record)

models.py

@@ -23,6 +23,8 @@ class BlinkData(Base):
     user_id = Column(String(20), index=True, nullable=False)
     refer_url = Column(Text, nullable=True)
     ip_address = Column(String(45), nullable=True)  # IPv6 can be up to 45 chars
+    country = Column(String(100), nullable=True)  # Country from IP geolocation
+    region = Column(String(100), nullable=True)   # Region/State from IP geolocation
     json_data = Column(JSON, nullable=True)
     created_at = Column(DateTime(timezone=True), server_default=func.now())
 

requirements.txt

@@ -5,3 +5,4 @@ sqlalchemy>=2.0.0
 aiosqlite>=0.19.0
 cryptography>=41.0.0
 pydantic>=2.0.0
+httpx>=0.25.0