项目
概述
实施了 CSP 等安全响应头、启动时的服务器公网 IP 自检,以及机器人 API 的 Bearer 令牌与 x-developer-id 两项请求头校验。需要注意:当前 CSP 的 script-src 允许 'unsafe-inline',对 XSS 的防护有限;IP 自检依赖第三方服务并在网络异常时放行,且持有源码者可直接修改期望值,因此这些措施不能视为服务端"固若金汤"的保证。
# _*_coding : utf-8 _*_
import hashlib
import hmac
import logging
import os
import sys

import requests
from flask import Flask, request, render_template, jsonify
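# 🔒 Server environment fingerprint (redacted).
# Values are read from the environment first so real secrets never have to be
# committed to source (hard-coded credentials, CWE-798). The string defaults are
# the redacted placeholders from the original file; they will not match a real
# deployment until overridden.
EXPECTED_PUBLIC_IP = os.environ.get("EXPECTED_PUBLIC_IP", "YOUR_SERVER_PUBLIC_IP")
EXPECTED_UUID = os.environ.get("EXPECTED_UUID", "YOUR_CLOUDFLARE_WAF_UUID")
BOT_API_KEY = os.environ.get("BOT_API_KEY", "YOUR_BOT_SECRET_API_KEY")

# Module-level logger. The original file referenced `logger` without ever
# defining it, which raised NameError on the first log call.
logger = logging.getLogger(__name__)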
app = Flask(__name__)  # WSGI application object; the after_request hook below is registered on it
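@app.after_request
def add_security_headers(response):
    """Attach browser hardening headers to every outgoing response.

    Registered with ``app.after_request`` so it runs for all routes.

    Args:
        response: the Flask response object; its ``headers`` mapping is
            updated in place (existing values for these names are overwritten).

    Returns:
        The same response object, for Flask to send.
    """
    # Clickjacking: allow framing only from our own origin.
    response.headers['X-Frame-Options'] = 'SAMEORIGIN'
    # Legacy XSS-auditor header, kept for old browsers; current browsers ignore
    # it, so CSP below is the only real script-execution control here.
    response.headers['X-XSS-Protection'] = '1; mode=block'
    # Stop MIME sniffing so a served file cannot be reinterpreted as script/HTML.
    response.headers['X-Content-Type-Options'] = 'nosniff'
    # NOTE(security): 'unsafe-inline' in script-src lets any injected <script>
    # run, so this policy does NOT stop reflected or stored XSS. Dropping it
    # requires moving inline scripts to files or using nonces/hashes; the value
    # is left unchanged because templates outside this view may rely on it.
    csp_policy = "default-src 'self'; script-src 'self' 'unsafe-inline';"
    response.headers['Content-Security-Policy'] = csp_policy
    return response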
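def verify_request(headers=None, *, api_key=None, developer_id=None):
    """Authenticate a bot call from its request headers.

    Two checks run in order: ``Authorization`` must be exactly
    ``Bearer <api_key>``, then ``x-developer-id`` must equal ``developer_id``.
    (The original docstring called this "triple" verification, but only these
    two checks exist. ``hmac``/``hashlib`` are imported at module level, which
    suggests a request-signature check was planned — TODO confirm.)

    Both comparisons are constant-time so response timing cannot leak how many
    leading characters of a guessed token matched.

    Args:
        headers: mapping to read headers from; defaults to
            ``flask.request.headers`` so existing zero-argument call sites
            inside a request context keep working.
        api_key: expected bearer token; defaults to ``BOT_API_KEY``.
        developer_id: expected ``x-developer-id``; defaults to ``EXPECTED_UUID``.

    Returns:
        ``(True, "OK")`` on success, otherwise ``(False, reason)`` with the
        same reason strings as before.
    """
    if headers is None:
        headers = request.headers
    if api_key is None:
        api_key = BOT_API_KEY
    if developer_id is None:
        developer_id = EXPECTED_UUID

    def _equal(actual, expected):
        # A missing header never matches. compare_digest needs bytes or
        # ASCII-only str; encoding avoids a TypeError on non-ASCII input.
        if actual is None:
            return False
        return hmac.compare_digest(
            str(actual).encode("utf-8"), str(expected).encode("utf-8")
        )

    if not _equal(headers.get('Authorization'), f"Bearer {api_key}"):
        return False, "Invalid API Key"
    if not _equal(headers.get('x-developer-id'), developer_id):
        return False, "Invalid UUID Identity"
    return True, "OK"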
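def check_server_environment(expected_ip=None, *, fetch_public_ip=None):
    """Startup self-check: abort if the host's public IP is not the expected one.

    Meant to stop the code running on an unauthorised server. Treat it as a
    speed bump, not a control: anyone holding the source can edit
    ``EXPECTED_PUBLIC_IP`` or stub out the lookup, and the check is fail-open —
    when the lookup raises (no network, timeout, service down) it logs and lets
    startup continue, matching the original behaviour.

    Args:
        expected_ip: IP the host must report; defaults to ``EXPECTED_PUBLIC_IP``.
        fetch_public_ip: zero-argument callable returning the public IP as a
            string. Defaults to an HTTPS GET of https://api.ipify.org with a
            5-second timeout (the original behaviour); injectable for tests.

    Raises:
        SystemExit: with code 1 when the reported IP differs from ``expected_ip``.
    """
    # The original logged through `logger`, which was never defined.
    log = logging.getLogger(__name__)
    if expected_ip is None:
        expected_ip = EXPECTED_PUBLIC_IP
    if fetch_public_ip is None:
        def fetch_public_ip():
            return requests.get('https://api.ipify.org', timeout=5).text.strip()

    # Only the lookup is inside the try so a mismatch below cannot be swallowed.
    try:
        public_ip = fetch_public_ip()
    except Exception as e:
        log.error("IP 检查失败: %s", e)  # fail-open by design, see docstring
        return
    if public_ip != expected_ip:
        log.critical("⛔ 严重安全警告: 代码运行在错误的服务器上!启动终止。")
        sys.exit(1)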
# Runs at import time (not under a __main__ guard), so the self-check also fires
# when a WSGI server loads this module; a mismatch ends the process via sys.exit(1).
check_server_environment()