From df4e6a685bd91f1d2c556b6ad4b6019f8899fc8a Mon Sep 17 00:00:00 2001
From: Michail Kostocka
Date: Sat, 14 Dec 2024 11:38:23 +0300
Subject: [PATCH] Add session cooldown to batcher
---
 .gitignore | 1 +
 backend/media/products/1003345981.jpg | Bin 7922 -> 0 bytes
 batcher/app/src/dependencies.py | 6 +++---
 batcher/app/src/domain/click/usecase.py | 14 ++++++++++++++
 4 files changed, 18 insertions(+), 3 deletions(-)
 delete mode 100644 backend/media/products/1003345981.jpg
diff --git a/.gitignore b/.gitignore
index 87049b6..9166dcc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,5 @@ __pycache__/
 *.py[cod]
 celerybeat-schedule
 backend/static
+backend/media
 bot/logs.log
diff --git a/backend/media/products/1003345981.jpg b/backend/media/products/1003345981.jpg deleted file mode 100644 index 3113c7fa002e57eb1f987603c82fed140b255008..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7922 zcmeHKc~nzZx4+CNtq2HK8D$iageedr1P6vf3;(kCHy-dG%_IHiyE)H(fR8KZ z1pr=&5AP6)+aNZ`X6tuz3OIP;Je@)JJ5Tpk(1mFM$fK56ets@gREFm?z$dL@Ap_!h z0e;YnuW9EQ3~v-1PV<8iNOV^+j7ax_2N1mB+Au9RU}O^DO(1%b849jscM8o|?QKbg zngWGntmcHkYGJ*Pkn{h|u&4q%jBqnlwKpkYT$5m&26oNA#t5GbnVL0>nvh zr861EYHHgRK2S3#ZhvwAEf0`}n+T9iLBR<6MA?!3=u{@e=0Kw`&^ku&e-i%*KlK+L zt*fO4*ZzS2RQ@N}`M&^vDhH#2Lt%Up*8eXF{K7;^$%A6nCY#u0A~z1ci?}{K&Wv4@7tG7J}bvx z()A@>pOt~n0)MHlFX{TM415;&OLcuo*Jowmv%vq4s_U=26PX5HnEb(;(PlSr3=rVs z=jZ1W03QMZ0)j$c2@8QuR77OkS7M^#;$os=ViHm^yCrt*l@t^EX5Tk^Wo6~%`Hq=5K%uc>Ck!122|a_d)2%FUZ3uz$+vSYK?XRyu3WT zyaFP;e8SK*61*w$^6?9Z?XwjW*FHj!*rljr=ks0conM=jj{4@jmQ>c&vv(!FQ}O$L zvkMT0SWSTS8(c%)9cObg2Bz6{j~-S~@y_cz9BnY#X~or51&w`=igZ0*&)?#mi@=TMudfQ`p?asB;px-)akfYSsa## zt?hJR;hi@+(b+5UEV-v#C%F&B(Q#yeZJ+AWuZtE1HvLX{D^3Qb-Z`yKg>-t2j8VOX zfo27=CYQ3&vk+4wb{Mj`9&vx~H%#vBcfTd1 zs~cKb+l8{ry0x~9+{6=<)At~2F6b?spL&z5^0K;X52nF$WCsQtJ zhOiE_IG*?1mJ#sY>v|jRVS&#T#X{fsPDS=ZMvC2peWoUhSd58WgqLVsu)bhzpX+;T z_<60(g+_%BWQ?bqdDeJq1E?37mCX$P08A%!iPdZNyA}wj@ zyNlg#bFFx#*ja;=*7@lh?=Pl%zGAJ9*fG8AHEi>O)7#i4=1*3#XV<>{*a5&lrFOEm zh249TnN4rzoXuV{5uds@9?%tS97KNH{^-nn+9nVfe;8usi+wcVK>3~Nlz&sxJBAU0 z@4q+HcL6(FysAQuo1(sgFx}o+#dD$#dO^8BKg*@+d(lBY*u%^~7xS)3`kIS_6a4V`Us`8GHy1Qs+<93rd z)>|ku7Fd4Fw&v;**6%D@hzi2^Vw;U!QA{~&c6vNw>=8Nmc$%}Jv!S)GZ$iqf*9`UP zKk{MG>a3LL@tM~1vlsGZeui5HW4bJGAT<2pxa6A--{N2^dbsz(&G&0bQ#CJ=7qJaB zW!;ENpKwWQ(+i~)cefZwD=Z#g5sbd?bpLhsoyTrZoJGlC+W6{U9et4Q6=!=zYL;Fk zkA5}3ZQL-oXgV9G5u>t9+W83+u&qn=j`1M`u8>(59y?O8f8}faqvL5_zIIpQd_2qK zE&-C(H^*HlVea-Y5qCeAx5Xx5vCf|o0KE0TmtnHiGF@Pz(VC0srS%Q+LqIsFit4Sm zs-uz@cjky+{3P0+G)j)ktueI578&%u{2KvJ;wWk|`g%>359K*$BZ3@^2Ktj?rU&YkemI@>p;Beht8sjCRh# zZi_Lg`Qe!^aSOfLb54fn%2Az!bTxJTq28(Tg>zhc{+C#|fr|Q3);ASBCT6k+P=_jm 
zb1&|U>502@yZ^b5zvWURJ?G6>P*{%ZCNNg7&j^#;1R|KfEKa^~-Ya<0fYIra&3e#4 zo^vr>VL70NYrowpNIva^J1YAN?xnn$b#Hncm7kR95LeJ^JI4a!IdLG_u&$T!+Uy-Z z%OuQo_4-d-S6G>p1p$fkGO}NT_erY|J@K400Ik&r@jyWC2C;x zcVWf&!;(AJEVif2#YcNH%|J)?qPtb>KaoL)V(nbeZX-yS;&I|*zbNc)Bzhqi&9WMfkh0V`CFn z6+D;aJky4{Qkut^#J3^n(Z<6NRN^sJC@KDN;mOLVzK()t+E;e%ll&$<7gMwc(vD7? z4yv!7IHD4=`}XpZq<*58UW-fCB}kYW{DlHcOc)f$;j^WJ0CHtk9A ziz@3@KR~cOQMh|)lBG$VFly18pK~fJ!!>Ay)ILN1I7kby=aRm52&%n2cQ6?94Bt9< z2@-1d@K>-SVz2dOAylS4S7fG>&a}4?oR~~_lGnx#?rf2@jv5T4E>dsIq|;|Y!*4@o zJZZMo&Zit(`u4A&=R535km#?t;+`?HGOQyLU3VZ%Z*lFXVoUdgcAZr9`)hF)Mi4;6 z!fbpt$TN?okFB`ef9*CT1MKq?L#}0ph<6$?Sw%C7kcj8^v9=T&-1Cspw&jc;x}w%H z(&9}#I!&_mxLUtvLTiim;3lv)46VFXLTttZX^)+$`KMR(eIX3cm(f@=j%-=*id;#2 z80x78^QDgmLW*xf!v}@du1kky$`5%#0$}@FOxVk&O@O@#=w5{cLJv|MJ1`0HD=BzS z=o`R2{&5)#m&4Db&-Pn!CEFXVGGDds6LrgDUM39={Y8*RtyMD};o(0NrovZ|tzaM{;m#a-ONBg$~Fw zI4Z}=Hm(QJ8w4RnCK9jymfnV|IO`d)>ZJ1kk^!>4R~*{g-04iFNmB4d>lo|%6NILp zSXl;ldua+{7 z*mO+fn&cU3azSmK^01+CxBFHh6f(rGapcU8oh@y3DuRzQ5o=+nrdbb6AQRQJ$T1;~ z-iCYul+U>h5u9IT;N;mt9d&YoIgxP*?rDY!z;@HwW;&E{@CAd%A-{*bwnLPs@PJ>gq zQGHHJc*!}^32vv0SjQe1+o7SlR>SuqIwG0Ar%DpOSQk?x8)|a=#dFLiu+QD8!`9lw zKBEL#_Ehjz@uLE1`-HKORtcnYkR0RQq*J9LZdf(7b!3PzOxy&bP5XmLm3D&iJzXd0NM$y0{BnB^Kx_#KoEbU_L0&4U*O;pp8RTNhQq7ySrFJAc>U0NGH-`+Z zS{~lT`ME!^{LZKrJ~M3hYuF}`N`LwK61X1ECF}h0hMDp%9j!asA8D?NK;|E~e>v*n zqvuJ7Ayz;+;qIVvV#wam;V`GBpa)K`EtuU0ih?VIpw&*c;a~lMRkvr|z@1s6%B2t1 z7s~`sxKaB@-z*Tz5)ykw6IkF7l{O}KZfhrH=fZR&JuDaX&Oy75D(hfP;2HnuZEJ4J zicL5r9JCcYr^eyLwu%_ofiAk2osjF3mS2{8d3^&tTL7*Th-Vj^_fAA63^iYMnOsqg z4wv~FUCIPc8TIeur$|qM1IfBALAe`E8AfuoLnWz<@;=2}07$+2X11Xskd_s}Szc1? 
z6t3EN;>t;)s%H>mZnD#Eky(zYOI*7v40K1txH+2cX9wAZma>9jr+%Iv z7_3UX(R6jG@MRa+6Sqlv1>3yGtg$h3)DV-dWtpdd+WADryiA)_kCU7}CT=ZnOs{>r zN3_Fpb1_RZ*bum)2%m09KARSCz#Tm2wVRMrO=|A`;W=vdyLYarTl6`pYu5;Y<#1Nw z`WeTKu|;@M>&LEmvUTP5oNBq-Py_3=DM~0APu|^-B-QeLX9}S2+C;N9-Jbz-#7@S} zeJySC$hz`mB?UW^d$C3J5&+0tiyecGsn=D&W2)IICVu~`qYmK307u^aI38!Ob-c;P z=q*YsZXLN|zX*H#qxZ)?0U?oeWYYbSBNu`sR!wrA3VL37c#9xhWMxB&8|Vxi8;Oxc z#i-MoYZB*DbITH#PeDUuvQm>$vQX@`1Yg&330!K-k5;$TaKqc4SJ?*Zy{gw~Y`R5P z`ffOJZaR4F(1&dk>JKs0B0V#iaq;0`p1S@shi=qJL4veRZ2<2UcxSzc<< zO)7Y2dUZVf;zPR`<4cf^+juw(2Uv&ZGDk4W)ncLkQ6T430jzrW45C;QpR* (int, str): +async def get_token_header(authorization: str = Header()) -> Tuple[int, str]: if not authorization: raise HTTPException(status_code=403, detail='Unauthorized') @@ -48,5 +49,4 @@ async def get_token_header(authorization: str = Header()) -> (int, str): raise HTTPException(status_code=403, detail='Unauthorized') user_info = json.loads(data_dict['user']) - return user_info['id'], authorization - + return user_info['id'], token diff --git a/batcher/app/src/domain/click/usecase.py b/batcher/app/src/domain/click/usecase.py index ae65cf7..3e42047 100644 --- a/batcher/app/src/domain/click/usecase.py +++ b/batcher/app/src/domain/click/usecase.py @@ -5,6 +5,8 @@ import aiohttp import redis.asyncio as redis import aio_pika import asyncpg +import base64 +from fastapi.exceptions import HTTPException from app.src.domain.setting import get_setting from .repos.redis import ( 
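Review bot: The second value returned by `get_token_header` changes from `authorization` to `token` in the last dependencies.py hunk, and nothing documents which form callers now receive or what happens to sessions stored in the old form. If this value is what the click use case saves with `set_user_session` and later passes to `_auth_date_from_token` (the wiring is not visible here), a session saved before the deploy still holds the old string, so the new cooldown branch could fail while base64-decoding it and return a 500 instead of a 403. I would add a docstring to `get_token_header` stating which form of the credential is returned, and either expire the stored sessions on rollout or make the parser reject the old form cleanly. The function body starts above the hunk, so how `token` is derived from the header cannot be checked from this page.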
@@ -103,8 +105,14 @@ async def _has_any_clicks(r: redis.Redis, user_id: int) -> bool:
 async def _get_refresh_energy(r: redis.Redis, user_id: int, req_token: str) -> int:
+ new_auth_date = _auth_date_from_token(req_token)
 current_token = await get_user_session(r, user_id)
 if current_token != req_token:
+ if current_token is not None:
+ last_auth_date = _auth_date_from_token(current_token)
+ session_cooldown = get_setting('SESSION_COOLDOWN')
+ if new_auth_date - last_auth_date < session_cooldown:
+ raise HTTPException(status_code=403, detail='Unauthorized')
 session_energy = int(get_setting('SESSION_ENERGY'))
 await set_user_session(r, user_id, req_token)
 await set_energy(r, user_id, session_energy)
@@ -112,6 +120,12 @@ async def _get_refresh_energy(r: redis.Redis, user_id: int, req_token: str) -> i
 else:
 return await r_get_energy(r, user_id)
+def _auth_date_from_token(token):
+ split_res = base64.b64decode(token).decode('utf-8').split(':')
+ data_check_string = ':'.join(split_res[:-1]).strip().replace('/', '\\/')
+ data_dict = dict([x.split('=') for x in data_check_string.split('\n')])
+ return int(data_dict['auth_date'])
+
 async def check_energy(r: redis.Redis, user_id: int, amount: int, _token: str) -> Tuple[int, int]:
 _energy = await _get_refresh_energy(r, user_id, _token)
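Review bot: `session_cooldown = get_setting('SESSION_COOLDOWN')` is compared with an integer difference without a cast, while the `SESSION_ENERGY` read two lines later is wrapped in `int(...)`; if `get_setting` returns strings, the comparison raises TypeError and the request ends in a 500 instead of the intended 403. I would write `session_cooldown = int(get_setting('SESSION_COOLDOWN'))`. Separately, `new_auth_date = _auth_date_from_token(req_token)` runs on every call, including the common path where the stored session already matches, so it can move inside `if current_token is not None:` next to `last_auth_date`. A log line carrying `user_id` on the rejected branch would let operators see refused session switches. The function's `return session_energy` line sits between this hunk and the next one, outside both.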
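Review bot: `dict([x.split('=') for x in ...])` in the new `_auth_date_from_token` fails as soon as any field value contains `=`, because `dict()` rejects a three-element item with ValueError. The helper also lets base64, UTF-8, missing-key and `int()` errors escape, so a malformed incoming or stored token surfaces from `_get_refresh_energy` as a 500. Splitting on the first `=` only and mapping parse failures to the same 403 the cooldown check uses would cover both; the `.replace('/', '\\/')` step can go because it cannot change the `auth_date` field. The helper also lacks annotations and a docstring, and it appears to repeat parsing that `get_token_header` already performs, so a shared function would keep the two in step.

```python
def _auth_date_from_token(token: str) -> int:
    """Return the auth_date field carried inside a base64-encoded session token."""
    try:
        payload = base64.b64decode(token).decode('utf-8')
        # Keep everything before the last ':' (same as joining split(':')[:-1]).
        data_check_string = payload.rpartition(':')[0].strip()
        fields = dict(line.split('=', 1) for line in data_check_string.split('\n'))
        return int(fields['auth_date'])
    except (ValueError, KeyError):
        # binascii.Error and UnicodeDecodeError are both ValueError subclasses.
        raise HTTPException(status_code=403, detail='Unauthorized') from None
```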