""" GeoIP resolution helper using MaxMind GeoLite2 database. Never raises — returns empty dict on any failure. """ import logging logger = logging.getLogger(__name__) _reader = None # module-level singleton def get_geoip_reader(): """Lazily initialize the MaxMind GeoLite2 reader. Returns None if DB unavailable.""" global _reader if _reader is None: try: import geoip2.database from src.core.config import settings _reader = geoip2.database.Reader(settings.GEOIP_DB_PATH) except Exception as e: logger.warning(f"GeoIP reader unavailable: {e}") return _reader def resolve_geo_from_ip(ip: str) -> dict: """ Returns dict with keys: country, region, city, latitude, longitude. Returns empty dict on any failure — must never raise. SECURITY (LOW): IP addresses and precise geo coordinates (lat/lon) stored in auth_sessions constitute personal data under GDPR Article 4. Ensure: 1. lat/lon precision is intentionally high — consider rounding to city level only (2 decimal places) to reduce PII sensitivity. 2. IP addresses in session history are only accessible to the authenticated user themselves (currently correct via get_session_history user_id scoping). 3. Data retention: session history is queried for 90-day window; ensure DB-level cleanup deletes old session rows to comply with data minimisation principles. """ if not ip or ip in ("127.0.0.1", "::1", "localhost"): return {} try: reader = get_geoip_reader() if reader is None: return {} response = reader.city(ip) return { "country": response.country.name, "region": response.subdivisions.most_specific.name if response.subdivisions else None, "city": response.city.name, "latitude": float(response.location.latitude) if response.location.latitude else None, "longitude": float(response.location.longitude) if response.location.longitude else None, } except Exception as e: logger.debug(f"GeoIP lookup failed for IP {ip}: {e}") return {}