Merge pull request #1780 from Fr1ngg/revert-1779-dev4

Revert "da eb tvoyu mat' kakoy pidoras delal etu ukassu "
2026-02-21 11:51:06 +00:00 · 2025-11-08 10:58:21 +03:00
parent cedbe07759 0563f7524f
commit 1c59ce601e
2 changed files with 3 additions and 65 deletions
--- a/app/external/yookassa_webhook.py
+++ b/app/external/yookassa_webhook.py
@@ -40,34 +40,6 @@ YOOKASSA_ALLOWED_EVENTS: tuple[str, ...] = (
 )


-_DEFAULT_TRUSTED_PROXY_NETWORKS: tuple[IPNetwork, ...] = (
-    # Cloudflare IPv4 ranges
-    ip_network("173.245.48.0/20"),
-    ip_network("103.21.244.0/22"),
-    ip_network("103.22.200.0/22"),
-    ip_network("103.31.4.0/22"),
-    ip_network("141.101.64.0/18"),
-    ip_network("108.162.192.0/18"),
-    ip_network("190.93.240.0/20"),
-    ip_network("188.114.96.0/20"),
-    ip_network("197.234.240.0/22"),
-    ip_network("198.41.128.0/17"),
-    ip_network("162.158.0.0/15"),
-    ip_network("172.64.0.0/13"),
-    ip_network("131.0.72.0/22"),
-    ip_network("104.16.0.0/13"),
-    ip_network("104.24.0.0/14"),
-    # Cloudflare IPv6 ranges
-    ip_network("2400:cb00::/32"),
-    ip_network("2606:4700::/32"),
-    ip_network("2803:f800::/32"),
-    ip_network("2405:b500::/32"),
-    ip_network("2405:8100::/32"),
-    ip_network("2a06:98c0::/29"),
-    ip_network("2c0f:f248::/32"),
-)
-
-
 def collect_yookassa_ip_candidates(*values: Optional[str]) -> List[str]:
    candidates: List[str] = []
    for value in values:
@@ -115,7 +87,7 @@ def _should_trust_forwarded_headers(remote_ip: Optional[IPAddress]) -> bool:
    )


-_TRUSTED_PROXY_NETWORKS_CACHE: Tuple[str, Tuple[IPNetwork, ...]] = ("", _DEFAULT_TRUSTED_PROXY_NETWORKS)
+_TRUSTED_PROXY_NETWORKS_CACHE: Tuple[str, Tuple[IPNetwork, ...]] = ("", ())


 def _get_trusted_proxy_networks() -> Tuple[IPNetwork, ...]:
@@ -124,10 +96,10 @@ def _get_trusted_proxy_networks() -> Tuple[IPNetwork, ...]:
    raw_value = getattr(settings, "YOOKASSA_TRUSTED_PROXY_NETWORKS", "") or ""
    cached_raw, cached_networks = _TRUSTED_PROXY_NETWORKS_CACHE

-    if raw_value == cached_raw and cached_networks:
+    if raw_value == cached_raw:
        return cached_networks

-    networks: List[IPNetwork] = list(_DEFAULT_TRUSTED_PROXY_NETWORKS)
+    networks: List[IPNetwork] = []
    for part in raw_value.split(","):
        candidate = part.strip()
        if not candidate:
@@ -206,8 +178,6 @@ class YooKassaWebhookHandler:
            logger.info(f"📋 Headers: {dict(request.headers)}")

            header_ip_candidates = collect_yookassa_ip_candidates(
-                request.headers.get("CF-Connecting-IP"),
-                request.headers.get("True-Client-IP"),
                request.headers.get("X-Forwarded-For"),
                request.headers.get("X-Real-IP"),
            )
--- a/tests/external/test_yookassa_webhook.py
+++ b/tests/external/test_yookassa_webhook.py
@@ -32,7 +32,6 @@ def _build_headers(**overrides: str) -> dict[str, str]:
    headers = {
        "Content-Type": "application/json",
        "X-Forwarded-For": ALLOWED_IP,
-        "CF-Connecting-IP": ALLOWED_IP,
    }
    headers.update(overrides)
    return headers
@@ -73,15 +72,6 @@ def test_resolve_yookassa_ip_accepts_allowed_last_forwarded_candidate() -> None:
    assert str(ip_object) == ALLOWED_IP


-def test_resolve_yookassa_ip_handles_cloudflare_proxy() -> None:
-    candidates = [ALLOWED_IP]
-
-    ip_object = resolve_yookassa_ip(candidates, remote="172.64.223.133")
-
-    assert ip_object is not None
-    assert str(ip_object) == ALLOWED_IP
-
-
 def test_resolve_yookassa_ip_skips_trusted_proxy_hops(monkeypatch: pytest.MonkeyPatch) -> None:
    monkeypatch.setattr(settings, "YOOKASSA_TRUSTED_PROXY_NETWORKS", "203.0.113.0/24", raising=False)

@@ -192,25 +182,3 @@ async def test_handle_webhook_accepts_canceled_event(monkeypatch: pytest.MonkeyP

    assert status == 200
    process_mock.assert_awaited_once()
-
-
-@pytest.mark.asyncio
-async def test_handle_webhook_allows_cloudflare_forwarding(monkeypatch: pytest.MonkeyPatch) -> None:
-    _patch_get_db(monkeypatch)
-
-    process_mock = AsyncMock(return_value=True)
-    service = SimpleNamespace(process_yookassa_webhook=process_mock)
-
-    app = create_yookassa_webhook_app(service)
-    async with TestClient(TestServer(app)) as client:
-        payload = {"event": "payment.succeeded"}
-        response = await client.post(
-            settings.YOOKASSA_WEBHOOK_PATH,
-            data=json.dumps(payload).encode("utf-8"),
-            headers=_build_headers(**{"X-Forwarded-For": "172.64.223.133"}),
-        )
-
-        status = response.status
-
-    assert status == 200
-    process_mock.assert_awaited_once()