Update app.py

app.py

@@ -29,7 +29,7 @@ import psutil
 from base import replace_null_with_empty_string
 
 
-
+ALLOWED_ORIGIN = "https://diamonik7777-up-fail.hf.space"
 
 # Замените на ваш реальный ключ Системы
 api_key_sys = os.getenv('api_key_sys')  
@@ -814,19 +814,20 @@ def get_order_vk():
 
         
 # Чтение ордера по ключу и ВК ИД для Автопилота
-@app.route('/get_order', methods=['GET'])
+@app.route('/get_order', methods=['POST'])
 def get_order():
     try:
-        logging.debug("Starting set_order")
+        logging.debug("Starting set_order_vk")
 
-        # Читаем параметры из GET-запроса
-        api_sys_control = request.args.get('api_sys')
-        if api_sys_control != api_key_sys:
-            logging.warning("Unauthorized access attempt")
-            return json.dumps({"error": "Unauthorized access"}), 403
+        # Проверка заголовка Origin
+        origin = request.headers.get('Origin')
+        if origin != ALLOWED_ORIGIN:
+            return jsonify({"error": "Unauthorized access"}), 403
 
-        vkid = request.args.get('vk_id', '')
-        order = request.args.get('order', '')
+        # Читаем параметры из POST-запроса
+        data = request.json
+        vkid = data.get('vk_id', '')
+        order = data.get('order', '')
 
         if not vkid or not order:
             logging.error("VK ID and order are required")
@@ -868,9 +869,6 @@ def get_order():
     except Exception as e:
         logging.error(f"An error occurred: {str(e)}")
         return json.dumps({"error": str(e)}), 500
-
-
-