Initial commit: FastAPI URL Blink application

.gitattributes

@@ -0,0 +1,11 @@
+*.jpg filter=lfs diff=lfs merge=lfs -text
+*.jpeg filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.gif filter=lfs diff=lfs merge=lfs -text
+*.mp3 filter=lfs diff=lfs merge=lfs -text
+*.mp4 filter=lfs diff=lfs merge=lfs -text
+*.wav filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.db filter=lfs diff=lfs merge=lfs -text
+sliding_puzzle filter=lfs diff=lfs merge=lfs -text
+stockfish/stockfish-ubuntu-x86-64-avx2 filter=lfs diff=lfs merge=lfs -text

.github/workflows/sync-to-hf.yml

@@ -0,0 +1,61 @@
+name: Sync to Hugging Face hub
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+jobs:
+  sync-to-hub:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          lfs: true
+
+      - name: Configure Git
+        run: |
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+          git config --global user.name "github-actions[bot]"
+
+      - name: Commit any uncommitted changes
+        run: |
+          git add -A
+          git diff --staged --quiet || git commit -m "Save working directory before LFS migration"
+
+      - name: Configure Git LFS
+        run: |
+          git lfs install
+
+      - name: Fetch all LFS objects
+        run: |
+          git lfs fetch --all
+          git lfs checkout
+
+      - name: Migrate existing files to LFS
+        run: |
+          git lfs migrate import --include="*.jpg,*.jpeg,*.png,*.gif,*.mp3,*.mp4,*.wav,*.ttf,*.db,sliding_puzzle,stockfish/stockfish-ubuntu-x86-64-avx2" --everything
+
+      - name: Track binary files with LFS
+        run: |
+          git lfs track "*.jpg" "*.jpeg" "*.png" "*.gif" "*.mp3" "*.mp4" "*.wav" "*.ttf" "*.db"
+          git lfs track "sliding_puzzle"
+          git lfs track "stockfish/stockfish-ubuntu-x86-64-avx2"
+          git add .gitattributes
+          git diff --staged --quiet || git commit -m "Configure Git LFS tracking"
+
+      - name: Fetch LFS objects after migration
+        run: |
+          git lfs fetch --all
+          git lfs pull
+
+      - name: Push to Hugging Face Space
+        env:
+          HF_TOKEN: ${{ secrets.HF_TOKEN }}
+        run: |
+          git remote remove space 2>/dev/null || true
+          git remote add space https://jebin2:${HF_TOKEN}@huggingface.co/spaces/jebin2/apigateway
+          git lfs push --all space main
+          git push --force space main

.gitignore

@@ -0,0 +1,48 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# Virtual environment
+venv/
+env/
+.venv/
+.env/
+
+# SQLite database
+*.db
+*.sqlite
+*.sqlite3
+
+# Environment variables
+.env
+.env.local
+.env.*.local
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Logs
+*.log
+logs/
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+
+# Distribution
+dist/
+build/
+*.egg-info/
+
+# Private keys (keep in repo but be careful)
+# PRIVATE_KEY.pem

Dockerfile

@@ -0,0 +1,38 @@
+FROM python:3.11-slim
+
+# Set working directory
+WORKDIR /app
+
+# Set environment variables
+ENV PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    PYTHONPATH=/app
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    gcc \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy requirements first for better caching
+COPY requirements.txt .
+
+# Install Python dependencies
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy application code
+COPY . .
+
+# Create non-root user for security
+RUN adduser --disabled-password --gecos '' appuser && \
+    chown -R appuser:appuser /app
+USER appuser
+
+# Expose port
+EXPOSE 7860
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+    CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:7860/health')" || exit 1
+
+# Run the application
+CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]

PRIVATE_KEY.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCSaIwhbd+RdScq
+OEC2GurgbR6yYOHS6fQMmg8CqKOL6sDSy4YyrSknAU4lYDnMs2T8hqX37Xo+SzAj
+E5oilT/bKhfVaEVuVTdjB+4bDFx+AcMVFnUIYNagQdnv5DwId5bc3gm3Vg49dfH1
+Z40VBCzrkJfsVT1cGuH77aDH4I5saL6IZKYrX53qE+c0gKWbHNe1b2oQFSjsk/qp
+9YU+NjEI+NbxGCabPWW7IBE597c8psEMb92gdMkr5bGrwVAyRC2GZbARCwcHwwzM
+38ItDAL1THckOPyVXHfs+9mzdtRPAeRDlBmGDJxoxr1p+CFwbru97LasNjGri6d0
+vR03hdMtAgMBAAECggEAEqdC/KVbin7zIPluy+TXulqcwnGpLplD0Jvg6rVNX6+7
++9TAwdHMavL1ymRH/kZ4SNuSPL7NyC8F2zTi+qH/s0QvKi+b8lKQI8wTBZuIaJN/
+5T6/EB9fvlD1ho9n01UClxxWVOdKxCuJStDJKagmXahGpZk3SqCwMcv/o/JTzbLv
+R5KS7rFBXs+XCDHJ+LqJCezdAoadI07JQGoStygtQuLdwG6KhVpHdcLfh2RTnUSM
+UaJZ2gdlMrau9Juk3Z6f/ceNRI8/fHS+ZWmbAy2YGDeH8rmip0ioKolalW9BlsWA
+uVYWrSONhTHxuVT8Q8Leixu9nE+KUJUuDV0xhvbQHwKBgQDNQ9NjCRZCr8z/FaFT
+fEG4rSiSFAFpAZzFcEAhc1qNgdYZ8SkEGjNcWTIk788xijRGPlBWiIM7x5et5N7p
++e+5qbPhz0SR3pLnubLrXLkchjqmPd1oAjGIwRUIEJF+qk1PMXvjR9DvFpJAICu+
+Myf6+uWiUZ4raV9Smsv5P4u7pwKBgQC2mJAknVoxBemAvSv5YbvfBvN/lkzBcBiD
+JmyTOwncNGsJ9KXLSWdhJ1wjrtKB5cQPuiNoEzrTgEzhWlehivT8giVntVmdopeB
+x1l8iKzGTGpmpwSnnzPCtFhYuPhnZj1IMor/+WqZ79Smo6JIzGJ+0xg6BwhMz92B
+43RCIKGFCwKBgQCbK8X2XR015n5a63gci5eHS2ebHoJ+ZhikbRod730p8lfvHo76
+KfBfxJISuDLyaV7hJyRGdkZ2/4ibjaQyTp45xZ9VegGFIDP/9zLZmCvb82EM4UGp
+6daWYhhLE3NZxNZSor7b7yN0SqTe0zMeQr/bjKXh0j92496KrLi7wJ0aiwKBgEYV
+6wXSy+KTNVwvwCg5hkYFwgLP6ug4oX/9iKE+gPtft1Ib8GNF6oNU+z3LBYvMaGPs
++1ggQW0bCudYqNgdoQkm3zqeViZ2WRb8MHHneAGpJRH/u36nUdPDK0HqxZXSnWUP
+2WCFGJC7iHDp0AmHQasSVXM4bcwl4QzRBDe5lKWfAoGAK381hlxKSM7YTf7NgSqo
+ysAfdPEaKpxv4Pifcx1+i21KLLLic2cBw6tCKXDPcI6P6cYW5qIyH4G0cZlusISd
+KvfxPwK/wZVejuQFfsSDLFRYDe9wRMBFEr/gSWO7S0sqmfhQ/QjyZsx9qO2dfJlA
+upKwQSvGLRitnMom69uLllc=
+-----END PRIVATE KEY-----

app.py

@@ -0,0 +1,189 @@
+"""
+FastAPI URL Blink Application
+
+Production-grade API for receiving encrypted user data,
+decrypting it, and storing in SQLite database.
+"""
+import logging
+from contextlib import asynccontextmanager
+from typing import Optional
+
+from fastapi import FastAPI, Query, Request, Depends, HTTPException, status
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.responses import JSONResponse
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from database import get_db, init_db
+from models import BlinkData
+from encryption import decrypt_data, decrypt_multiple_blocks
+
+# Configure logging
+logging.basicConfig(
+    level=logging.INFO,
+    format="%(asctime)s - %(name)s - %(levelname)s - %(message)s"
+)
+logger = logging.getLogger(__name__)
+
+# User ID length constant
+USER_ID_LENGTH = 20
+
+
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    """
+    Application lifespan manager.
+    Initializes database on startup.
+    """
+    logger.info("Starting up - initializing database...")
+    await init_db()
+    logger.info("Database initialized successfully")
+    yield
+    logger.info("Shutting down...")
+
+
+# Create FastAPI application
+app = FastAPI(
+    title="URL Blink API",
+    description="API for receiving and processing encrypted user data",
+    version="1.0.0",
+    lifespan=lifespan
+)
+
+# Configure CORS
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["*"],  # Configure appropriately for production
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+
+@app.get("/health")
+async def health_check():
+    """
+    Health check endpoint.
+    
+    Returns:
+        Health status of the application
+    """
+    return {"status": "healthy", "service": "url-blink-api"}
+
+
+@app.get("/blink")
+async def blink(
+    request: Request,
+    userid: str = Query(..., description="User ID (20 chars) + encrypted data"),
+    db: AsyncSession = Depends(get_db)
+):
+    """
+    Process blink request with encrypted user data.
+    
+    The userid parameter format:
+    - First 20 characters: User ID
+    - Remaining characters: Base64 encoded encrypted data
+    
+    Args:
+        request: FastAPI request object
+        userid: Combined user ID and encrypted data
+        db: Database session
+        
+    Returns:
+        Success response with processing status
+    """
+    try:
+        # Validate minimum length
+        if len(userid) < USER_ID_LENGTH:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail=f"Parameter 'userid' must be at least {USER_ID_LENGTH} characters"
+            )
+        
+        # Extract user_id (first 20 characters)
+        user_id = userid[:USER_ID_LENGTH]
+        
+        # Extract encrypted data (remaining characters)
+        encrypted_data = userid[USER_ID_LENGTH:]
+        
+        if not encrypted_data:
+            logger.warning(f"No encrypted data received for user: {user_id}")
+            # Still store the record with empty json_data
+            decrypted_results = []
+        else:
+            # Try to decrypt - might be single or multiple blocks
+            try:
+                decrypted_results = decrypt_multiple_blocks(encrypted_data)
+            except Exception as e:
+                logger.error(f"Decryption failed for user {user_id}: {e}")
+                # Store with error information
+                decrypted_results = [{"error": str(e), "raw_encrypted": encrypted_data[:100]}]
+        
+        # Get referer URL from headers
+        refer_url = request.headers.get("referer") or request.headers.get("origin")
+        
+        # Store each decrypted result as separate records
+        records_created = 0
+        for json_data in decrypted_results:
+            blink_record = BlinkData(
+                user_id=user_id,
+                refer_url=refer_url,
+                json_data=json_data
+            )
+            db.add(blink_record)
+            records_created += 1
+        
+        # If no results but we have encrypted data, store a record with the raw data reference
+        if not decrypted_results and encrypted_data:
+            blink_record = BlinkData(
+                user_id=user_id,
+                refer_url=refer_url,
+                json_data={"encrypted_length": len(encrypted_data)}
+            )
+            db.add(blink_record)
+            records_created = 1
+        
+        await db.commit()
+        
+        logger.info(f"Successfully processed blink for user: {user_id}, records: {records_created}")
+        
+        return JSONResponse(
+            status_code=status.HTTP_200_OK,
+            content={
+                "status": "success",
+                "user_id": user_id,
+                "records_created": records_created
+            }
+        )
+        
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error processing blink request: {e}")
+        await db.rollback()
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Internal server error processing request"
+        )
+
+
+@app.exception_handler(Exception)
+async def global_exception_handler(request: Request, exc: Exception):
+    """
+    Global exception handler for unhandled errors.
+    """
+    logger.error(f"Unhandled exception: {exc}")
+    return JSONResponse(
+        status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+        content={"detail": "Internal server error"}
+    )
+
+
+if __name__ == "__main__":
+    import uvicorn
+    uvicorn.run(
+        "app:app",
+        host="0.0.0.0",
+        port=8000,
+        reload=True,
+        log_level="info"
+    )

database.py

@@ -0,0 +1,48 @@
+"""
+Database configuration for SQLite with SQLAlchemy.
+"""
+from sqlalchemy.ext.asyncio import create_async_engine, AsyncSession, async_sessionmaker
+from sqlalchemy.orm import DeclarativeBase
+import os
+
+# Database URL - SQLite file in the same directory
+DATABASE_URL = os.getenv("DATABASE_URL", "sqlite+aiosqlite:///./blink_data.db")
+
+# Create async engine
+engine = create_async_engine(
+    DATABASE_URL,
+    echo=False,  # Set to True for SQL debugging
+    future=True
+)
+
+# Session factory
+async_session_maker = async_sessionmaker(
+    engine,
+    class_=AsyncSession,
+    expire_on_commit=False
+)
+
+
+class Base(DeclarativeBase):
+    """Base class for SQLAlchemy models."""
+    pass
+
+
+async def get_db() -> AsyncSession:
+    """
+    Dependency injection for database sessions.
+    Yields a database session and ensures cleanup.
+    """
+    async with async_session_maker() as session:
+        try:
+            yield session
+        finally:
+            await session.close()
+
+
+async def init_db():
+    """
+    Initialize the database by creating all tables.
+    """
+    async with engine.begin() as conn:
+        await conn.run_sync(Base.metadata.create_all)

encryption.py

@@ -0,0 +1,141 @@
+"""
+RSA Decryption utilities for the URL Blink application.
+"""
+import base64
+import json
+import os
+import logging
+from typing import Any, Optional
+from cryptography.hazmat.primitives import serialization, hashes
+from cryptography.hazmat.primitives.asymmetric import padding
+from cryptography.hazmat.backends import default_backend
+
+logger = logging.getLogger(__name__)
+
+# Path to the private key file
+PRIVATE_KEY_PATH = os.getenv("PRIVATE_KEY_PATH", "./PRIVATE_KEY.pem")
+
+# Cache the private key after first load
+_private_key = None
+
+
+def load_private_key():
+    """
+    Load the RSA private key from the PEM file.
+    Caches the key for subsequent calls.
+    
+    Returns:
+        RSA private key object
+        
+    Raises:
+        FileNotFoundError: If private key file doesn't exist
+        ValueError: If private key is invalid
+    """
+    global _private_key
+    
+    if _private_key is not None:
+        return _private_key
+    
+    try:
+        with open(PRIVATE_KEY_PATH, "rb") as key_file:
+            _private_key = serialization.load_pem_private_key(
+                key_file.read(),
+                password=None,
+                backend=default_backend()
+            )
+        logger.info(f"Successfully loaded private key from {PRIVATE_KEY_PATH}")
+        return _private_key
+    except FileNotFoundError:
+        logger.error(f"Private key file not found: {PRIVATE_KEY_PATH}")
+        raise
+    except Exception as e:
+        logger.error(f"Failed to load private key: {e}")
+        raise ValueError(f"Invalid private key: {e}")
+
+
+def decrypt_data(encrypted_base64: str) -> Optional[Any]:
+    """
+    Decrypt base64-encoded RSA encrypted data.
+    
+    Args:
+        encrypted_base64: Base64 URL-safe encoded encrypted string
+        
+    Returns:
+        Decrypted data parsed as JSON, or raw string if not valid JSON
+        
+    Raises:
+        ValueError: If decryption fails
+    """
+    try:
+        # Load the private key
+        private_key = load_private_key()
+        
+        # Decode base64 URL-safe encoded data
+        # Add padding if necessary
+        padded = encrypted_base64 + '=' * (4 - len(encrypted_base64) % 4)
+        encrypted_bytes = base64.urlsafe_b64decode(padded)
+        
+        # Decrypt using RSA OAEP with SHA256
+        decrypted_bytes = private_key.decrypt(
+            encrypted_bytes,
+            padding.OAEP(
+                mgf=padding.MGF1(algorithm=hashes.SHA256()),
+                algorithm=hashes.SHA256(),
+                label=None
+            )
+        )
+        
+        # Decode to string
+        decrypted_str = decrypted_bytes.decode('utf-8')
+        
+        # Try to parse as JSON
+        try:
+            return json.loads(decrypted_str)
+        except json.JSONDecodeError:
+            # Return as raw string if not valid JSON
+            logger.warning("Decrypted data is not valid JSON, returning raw string")
+            return {"raw_data": decrypted_str}
+            
+    except Exception as e:
+        logger.error(f"Decryption failed: {e}")
+        raise ValueError(f"Failed to decrypt data: {e}")
+
+
+def decrypt_multiple_blocks(encrypted_data: str, block_size: int = 344) -> list[Any]:
+    """
+    Decrypt multiple concatenated encrypted blocks.
+    
+    RSA 2048-bit encrypted data is typically 256 bytes, which is ~344 chars in base64.
+    
+    Args:
+        encrypted_data: Concatenated base64-encoded encrypted blocks
+        block_size: Size of each encrypted block in base64 chars (default 344 for RSA-2048)
+        
+    Returns:
+        List of decrypted data objects
+    """
+    results = []
+    
+    # If the data is smaller than block_size, treat as single block
+    if len(encrypted_data) <= block_size:
+        try:
+            result = decrypt_data(encrypted_data)
+            if result:
+                results.append(result)
+        except Exception as e:
+            logger.error(f"Failed to decrypt single block: {e}")
+        return results
+    
+    # Split into blocks and decrypt each
+    for i in range(0, len(encrypted_data), block_size):
+        block = encrypted_data[i:i + block_size]
+        if block:  # Skip empty blocks
+            try:
+                result = decrypt_data(block)
+                if result:
+                    results.append(result)
+            except Exception as e:
+                logger.error(f"Failed to decrypt block {i // block_size}: {e}")
+                continue
+    
+    return results

models.py

@@ -0,0 +1,29 @@
+"""
+SQLAlchemy models for the URL Blink application.
+"""
+from sqlalchemy import Column, Integer, String, Text, DateTime, JSON
+from sqlalchemy.sql import func
+from database import Base
+
+
+class BlinkData(Base):
+    """
+    Model for storing decrypted blink data.
+    
+    Attributes:
+        id: Primary key
+        user_id: User identifier (first 20 chars from URL param)
+        refer_url: Referer URL from request header
+        json_data: Decrypted JSON data
+        created_at: Timestamp of record creation
+    """
+    __tablename__ = "blink_data"
+
+    id = Column(Integer, primary_key=True, autoincrement=True, index=True)
+    user_id = Column(String(20), index=True, nullable=False)
+    refer_url = Column(Text, nullable=True)
+    json_data = Column(JSON, nullable=True)
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+
+    def __repr__(self):
+        return f"<BlinkData(id={self.id}, user_id={self.user_id})>"

requirements.txt

@@ -0,0 +1,7 @@
+# FastAPI URL Blink Application Dependencies
+fastapi>=0.104.0
+uvicorn[standard]>=0.24.0
+sqlalchemy>=2.0.0
+aiosqlite>=0.19.0
+cryptography>=41.0.0
+pydantic>=2.0.0