praca za proxy

app/config.py

@@ -1,9 +1,27 @@
 import os
 from pydantic_settings import BaseSettings
 from dotenv import load_dotenv
+import ipaddress
 
 load_dotenv()
 
+def _parse_trusted_proxies(raw: str):
+    # raw: comma-separated list of IPs or CIDR ranges
+    items = [p.strip() for p in (raw or "").split(",") if p.strip()]
+    nets = []
+    for p in items:
+        try:
+            if "/" in p:
+                nets.append(ipaddress.ip_network(p, strict=False))
+            else:
+                # treat single IP as /32 or /128 network
+                ip = ipaddress.ip_address(p)
+                nets.append(ipaddress.ip_network(ip.exploded + ("/32" if ip.version == 4 else "/128")))
+        except Exception:
+            # ignoruj błędne wpisy
+            continue
+    return nets
+
 class Settings(BaseSettings):
     geo_provider: str = os.getenv('GEO_PROVIDER', 'maxmind')
 
@@ -12,7 +30,7 @@ class Settings(BaseSettings):
     maxmind_license_key: str | None = os.getenv('MAXMIND_LICENSE_KEY')
     maxmind_db_name: str = os.getenv('MAXMIND_DB_NAME', 'GeoLite2-City')
     maxmind_db_path: str = os.getenv('MAXMIND_DB_PATH', '/data/GeoLite2-City.mmdb')
-    maxmind_download_url_template: str = os.getenv(
+    maxmind_download_url_template: str | None = os.getenv(
         'MAXMIND_DOWNLOAD_URL_TEMPLATE',
         'https://download.maxmind.com/app/geoip_download?edition_id={DBNAME}&license_key={LICENSE_KEY}&suffix=tar.gz'
     )
@@ -34,5 +52,11 @@ class Settings(BaseSettings):
     admin_pass: str | None = os.getenv('ADMIN_PASS')
     cache_maxsize: int = int(os.getenv('CACHE_MAXSIZE', '4096'))
 
+    # Nowe: lista zaufanych proxy (CIDR lub IP), oddzielone przecinkami
+    # Przykład: "127.0.0.1,10.0.0.0/8,192.168.1.5"
+    _trusted_proxies_raw: str | None = os.getenv('TRUSTED_PROXIES', '')
+    @property
+    def trusted_proxies(self):
+        return _parse_trusted_proxies(self._trusted_proxies_raw)
 
 settings = Settings()