matt/recon
1
0
Fork 0
mirror of https://github.com/zvx-echo6/recon.git synced 2026-05-20 06:34:40 +02:00
Code Issues Projects Releases Packages Wiki Activity

feat(place): gate Google Places API calls behind auth

Browse source 
Guest users receive local and cached data only. New Google Places API
calls are only triggered for authenticated users, protecting against
cost exploitation on the public navi.echo6.co frontend.

The pattern: cached Google data flows freely (already paid for by an
authed lookup). New API calls require X-Authentik-Username via
get_user_id() check.
This commit is contained in:
Matt 2026-04-26 03:36:21 +00:00
commit f35af18320
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
lib/place_detail.py
View file

@ -218,6 +218,12 @@ def _enrich_with_google(result, osm_type, osm_id):
if cached_pid is not None: if cached_pid is not None:
return result return result
# Skip new Google API calls for guest users (cached data already returned above)
from .auth import get_user_id
if not get_user_id():
logger.debug(f"google_places: skip API call for {osm_type}/{osm_id} — guest user")
return result
# Daily cap check # Daily cap check
if not google_places.check_daily_cap(): if not google_places.check_daily_cap():
return result return result