From d910ef80d6faa5ba475d8c6c158c21f69578c31b Mon Sep 17 00:00:00 2001 From: Cizz22 Date: Sun, 3 May 2026 15:42:47 +0700 Subject: [PATCH] refactor: replace hardcoded calculation ID with dynamic reference and disable request parameter whitelist validation --- src/calculation_time_constrains/service.py | 4 ++-- src/middleware.py | 26 +++++++++++----------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/src/calculation_time_constrains/service.py b/src/calculation_time_constrains/service.py index 50c9676..325ca11 100644 --- a/src/calculation_time_constrains/service.py +++ b/src/calculation_time_constrains/service.py @@ -1065,14 +1065,14 @@ async def run_simulation_with_spareparts(*, db_session, calculation, token: str, # 2. Calculate plant data chart plant_summary = await calculate_plant_data_chart( db_session=db_session, - calculation_id=str("2ad790c6-beb1-4be9-b79c-1b4c13771a07"), + calculation_id=str(calculation.id), token=token, simulation_id=simulation_id ) # 3. Generate and save plant data chart as PNG # Fetch the latest calculation data to get plant_results - calculation_data = await get_calculation_data_by_id(db_session, "2ad790c6-beb1-4be9-b79c-1b4c13771a07") + calculation_data = await get_calculation_data_by_id(db_session, calculation.id) generate_simulation_chart( diff --git a/src/middleware.py b/src/middleware.py index 638d3f8..0609e8f 100644 --- a/src/middleware.py +++ b/src/middleware.py @@ -239,12 +239,12 @@ def inspect_json(obj, path="body", check_whitelist=True): detail="Invalid request parameters", ) - if check_whitelist and key not in ALLOWED_DATA_PARAMS: - log.warning(f"Security violation: Unknown JSON key detected: {path}.{key}") - raise HTTPException( - status_code=422, - detail="Invalid request parameters", - ) + # if check_whitelist and key not in ALLOWED_DATA_PARAMS: + # log.warning(f"Security violation: Unknown JSON key detected: {path}.{key}") + # raise HTTPException( + # status_code=422, + # detail="Invalid request parameters", + # ) # Recurse. If the key is a dynamic container, we stop whitelist checking for children. should_check_subkeys = check_whitelist and (key not in DYNAMIC_KEYS) @@ -316,13 +316,13 @@ class RequestValidationMiddleware(BaseHTTPMiddleware): ) # Check for unknown query parameters - unknown_params = [key for key, _ in params if key not in ALLOWED_DATA_PARAMS] - if unknown_params: - log.warning(f"Security violation: Unknown query parameters detected: {unknown_params}") - raise HTTPException( - status_code=422, - detail="Invalid request parameters", - ) + # unknown_params = [key for key, _ in params if key not in ALLOWED_DATA_PARAMS] + # if unknown_params: + # log.warning(f"Security violation: Unknown query parameters detected: {unknown_params}") + # raise HTTPException( + # status_code=422, + # detail="Invalid request parameters", + # ) # ------------------------- # 2. Duplicate parameters