Skip to content

updated app logic #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

updated app logic #4

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f9f3945
Update run.py
arvi18 Jul 12, 2025
95b9eeb
removed unneccesary
arvi18 Jul 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 24 additions & 6 deletions run.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,29 @@
import uvicorn
from app.main import app
import os
import sys
from pathlib import Path

def main():

Check notice on line 6 in run.py

View check run for this annotation

refacto-test / Refacto

Refacto Review Comment 

## Missing Docstring

The main function lacks a docstring explaining its purpose and behavior. This reduces code maintainability as future developers won't understand the function's role without reading its implementation.

```suggestion
def main():
    """
    Configure and start the uvicorn server with environment-specific settings.
    Uses environment variables for configuration with sensible defaults.
    """
```

<details><summary><strong>Standards</strong></summary>

- PEP 257
- Clean Code

</details>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing Docstring

The main function lacks a docstring explaining its purpose and behavior. This reduces code maintainability as future developers won't understand the function's role without reading its implementation.

Suggested change
def main():
def main():
"""
Configure and start the uvicorn server with environment-specific settings.
Uses environment variables for configuration with sensible defaults.
"""
Standards
  • PEP 257
  • Clean Code

# Set project root as working directory
current_dir = Path(__file__).resolve().parent
sys.path.append(str(current_dir))

# Read environment-based settings
env = os.getenv("ENV", "development").lower()
port = int(os.getenv("PORT", 8000))

Check notice on line 13 in run.py

View check run for this annotation

refacto-test / Refacto

Refacto Review Comment 

## Missing Error Handling

Converting port to int without error handling can crash the application if PORT environment variable contains non-numeric value. This creates a reliability issue during deployment with misconfigured environment.

```suggestion
    try:
        port = int(os.getenv("PORT", 8000))
    except ValueError:
        print("Error: PORT environment variable must be a number")
        port = 8000
```

<details><summary><strong>Standards</strong></summary>

- ISO-25010-Reliability
- Error Handling Best Practices

</details>
Comment on lines +12 to +13
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing Error Handling

Converting port to int without error handling can crash the application if PORT environment variable contains non-numeric value. This creates a reliability issue during deployment with misconfigured environment.

Suggested change
env = os.getenv("ENV", "development").lower()
port = int(os.getenv("PORT", 8000))
try:
port = int(os.getenv("PORT", 8000))
except ValueError:
print("Error: PORT environment variable must be a number")
port = 8000
Standards
  • ISO-25010-Reliability
  • Error Handling Best Practices

reload = env == "development"
workers = int(os.getenv("UVICORN_WORKERS", 1 if reload else 4))

if __name__ == "__main__":
uvicorn.run(
"app.main:app",
host="0.0.0.0",
port=8000,
reload=True,
log_level="info"
)
port=port,
reload=reload,
workers=workers,
log_level="debug" if reload else "info",
proxy_headers=True, # Trust X-Forwarded-For if behind proxy
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security Consideration: Setting forwarded_allow_ips="*" allows all forwarded IPs which could pose security risks in production environments. Consider restricting this to specific, trusted IP ranges or networks in production deployments.

Copy link
Collaborator Author

@arvi18 arvi18 Jul 13, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

legit reply from a legit author

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

legit reply from a legit reviewer

forwarded_allow_ips="*", # Allow all forwarded IPs
)

Check notice on line 26 in run.py

View check run for this annotation

refacto-test / Refacto

Refacto Review Comment 

## Unrestricted Forwarded IPs

Setting forwarded_allow_ips to '*' trusts all IP addresses in X-Forwarded-For headers. This enables IP spoofing attacks where malicious clients can forge their source IP address.

```suggestion
        forwarded_allow_ips=os.getenv("TRUSTED_PROXIES", "127.0.0.1"),  # Only trust specific proxy IPs
```

<details><summary><strong>Standards</strong></summary>

- OWASP-A01
- CWE-284

</details>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unrestricted Forwarded IPs

Setting forwarded_allow_ips to '*' trusts all IP addresses in X-Forwarded-For headers. This enables IP spoofing attacks where malicious clients can forge their source IP address.

Suggested change
)
forwarded_allow_ips=os.getenv("TRUSTED_PROXIES", "127.0.0.1"), # Only trust specific proxy IPs
Standards
  • OWASP-A01
  • CWE-284


if __name__ == "__main__":
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

legit review comment from a legit reviewer

main()