alai-dev/trade-assistant
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5d895ae12c024bccedc49948bb24f6b09f60dc18
trade-assistant/backend/app/api/v1/marketing.py
T
TradeMate Dev 13e3992d4c fix: security and code quality improvements 
Security fixes:
- Add file upload size limits (10MB) for customer and product imports
- Add XLSX file validation with row limits and magic byte checking
- Implement password validation (min 6 chars) in registration
- Add rate limiting for guest login (5 per IP per 15 minutes)
- Sanitize error messages to prevent information leakage
- Fix XSS vulnerability by removing unsafe v-html usage
- Enforce WhatsApp webhook signature verification
- Add SSRF protection with URL validation and IP blocking
- Fix marketing endpoints to use proper authentication

Code quality improvements:
- Create shared utility functions for UUID validation and string sanitization
- Remove duplicate UUID validation code from admin modules
- Remove dead code (pass statement in translation.py)
- Fix aliyun SDK import compatibility
2026-06-11 17:54:07 +08:00

99 lines
2.7 KiB
Python
Raw Blame History

from fastapi import APIRouter, HTTPException, Depends, Header
from typing import Optional
from pydantic import BaseModel
from sqlalchemy.ext.asyncio import AsyncSession
from app.database import get_db
from app.services.marketing import MarketingService
from app.services.preference import UserPreferenceService
from app.core.security import decode_token
from app.api.v1.deps import get_current_user_id
from app.config import settings
router = APIRouter()
class MarketingRequest(BaseModel):
product_name: str
description: str
category: Optional[str] = None
price: Optional[str] = None
keywords: Optional[list] = None
target: str = "US importers"
style: str = "professional"
language: str = "en"
count: int = 3
class KeywordsRequest(BaseModel):
product_name: str
description: str
category: Optional[str] = None
language: str = "en"
count: int = 10
class CompetitorRequest(BaseModel):
product_name: str
description: str
category: Optional[str] = None
market: str = "US"
@router.post("/generate")
async def generate_marketing(
data: MarketingRequest,
user_id: str = Depends(get_current_user_id),
db: AsyncSession = Depends(get_db),
):
service = MarketingService()
pref_service = UserPreferenceService(db)
pref_context = await pref_service.get_preference_context(user_id, "marketing")
product_info = {
"name": data.product_name,
"description": data.description,
"category": data.category,
"price": data.price,
"keywords": data.keywords,
}
results = await service.generate(product_info, data.target, data.style, data.language, data.count, pref_context)
return {
"results": results,
"product": data.product_name,
"target": data.target,
"count": len(results),
}
@router.post("/keywords")
async def generate_keywords(
data: KeywordsRequest,
user_id: str = Depends(get_current_user_id),
):
service = MarketingService()
product_info = {
"name": data.product_name,
"description": data.description,
"category": data.category,
}
keywords = await service.generate_keywords(product_info, data.language, data.count)
return {"keywords": keywords, "product": data.product_name}
@router.post("/competitor-analysis")
async def competitor_analysis(
data: CompetitorRequest,
user_id: str = Depends(get_current_user_id),
):
service = MarketingService()
product_info = {
"name": data.product_name,
"description": data.description,
"category": data.category,
}
analysis = await service.analyze_competitors(product_info, data.market)
return {"analysis": analysis, "product": data.product_name, "market": data.market}
Reference in New Issue View Git Blame Copy Permalink