ratelimiting: check after required request g attributes are set
parent
1ae3dc85c2
commit
3f2e8629df
3 changed files with 12 additions and 6 deletions
|
@ -142,7 +142,8 @@ limiter = Limiter(
|
|||
key_func=get_remote_addr,
|
||||
default_limits=["3/second;30/minute;200/hour;1000/day"],
|
||||
application_limits=["10/second;200/minute;5000/hour;10000/day"],
|
||||
storage_uri=environ.get("REDIS_URL", "redis://localhost")
|
||||
storage_uri=environ.get("REDIS_URL", "redis://localhost"),
|
||||
auto_check=False,
|
||||
)
|
||||
|
||||
Base = declarative_base()
|
||||
|
@ -166,8 +167,6 @@ def before_request():
|
|||
if not app.config['SETTINGS']['Bots'] and request.headers.get("Authorization"):
|
||||
abort(403, "Bots are currently not allowed")
|
||||
|
||||
g.db = db_session()
|
||||
|
||||
g.agent = request.headers.get("User-Agent")
|
||||
if not g.agent:
|
||||
return 'Please use a "User-Agent" header!', 403
|
||||
|
@ -182,6 +181,10 @@ def before_request():
|
|||
' firefox/' in ua)
|
||||
g.timestamp = int(time.time())
|
||||
|
||||
limiter.check()
|
||||
|
||||
g.db = db_session()
|
||||
|
||||
|
||||
@app.teardown_appcontext
|
||||
def teardown_request(error):
|
||||
|
|
|
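Review bot: Requests that leave `before_request` early are no longer counted against any limit. With `auto_check=False` the only check is the `limiter.check()` added after `g.timestamp = int(time.time())`, and both the `abort(403, "Bots are currently not allowed")` branch and the missing-User-Agent `return ..., 403` sit above it. Before this change the limiter's automatic check presumably covered those responses as well, so both rejection paths are now unthrottled. If that trade-off is intended, record it next to the call, e.g. `# explicit check (auto_check=False): the early 403 exits above are deliberately not rate limited`; otherwise throttle those paths upstream or move the cheap rejections below the check. The part of `before_request` between the second and third hunk is outside the view, so other early exits may exist there.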
@ -22,7 +22,7 @@ total = cache.get(f'{SITE}_total') or 0
|
|||
|
||||
@app.get("/chat")
|
||||
@auth_required
|
||||
def chat( v):
|
||||
def chat(v):
|
||||
return render_template("chat.html", v=v, messages=messages)
|
||||
|
||||
|
||||
|
@ -37,6 +37,7 @@ def chatjs():
|
|||
@limiter.limit("3/second;10/minute")
|
||||
@auth_required
|
||||
def speak(data, v):
|
||||
limiter.check()
|
||||
if v.is_banned: return '', 403
|
||||
|
||||
vname = v.username.lower()
|
||||
|
|
|
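Review bot: The explicit `limiter.check()` at the top of `speak` is now the only enforcement point for this handler, and nothing in the hunk shows that it applies the `3/second;10/minute` from the decorator rather than only the default limits. `speak(data, v)` looks like an event handler that does not pass through `before_request` (its outermost decorator is outside the hunk), so a test that sends a fourth message within one second and expects a rejection would pin down how the limiter resolves limits here. A comment such as `# auto_check=False: handlers outside the before_request chain must call limiter.check() themselves` would make the requirement visible. Any sibling handlers in this file that are not shown need the same call.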
@ -5,7 +5,6 @@ import time
|
|||
from files.__main__ import app
|
||||
from http.client import responses
|
||||
|
||||
|
||||
@app.errorhandler(400)
|
||||
@app.errorhandler(401)
|
||||
@app.errorhandler(403)
|
||||
|
@ -34,7 +33,10 @@ def error_401(e):
|
|||
|
||||
@app.errorhandler(500)
|
||||
def error_500(e):
|
||||
g.db.rollback()
|
||||
if getattr(g, 'db', None):
|
||||
g.db.rollback()
|
||||
else:
|
||||
app.logger.warning("Exception happened with no db initialized (perhaps early in request cycle?)")
|
||||
return error(e)
|
||||
|
||||
@app.post("/allow_nsfw")
|
||||
|
|
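Review bot: The guard in `error_500` fixes one consumer of `g.db`, but `return error(e)` still runs on the no-session branch, and `teardown_request` in the first file runs when the app context is torn down; neither body is visible here. Since `limiter.check()` can now end a request before `g.db = db_session()` is reached, anything on those paths that reads `g.db` unguarded would presumably raise `AttributeError` on top of the original failure. I would make the test explicit with `db = getattr(g, 'db', None)` followed by `if db is not None: db.rollback()`, so it does not depend on the session object's truthiness. A comment such as `# g.db is assigned at the end of before_request; failures before that point arrive here without a session` would replace the guess in the log message.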