From 4385bafa85077cd0edfa44fa286b4bc144dfaca5 Mon Sep 17 00:00:00 2001
From: Aevann1 <randomname42029@gmail.com>
Date: Fri, 28 Oct 2022 20:22:51 +0200
Subject: [PATCH] add another ratelimit by username

---
 files/routes/login.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/files/routes/login.py b/files/routes/login.py
index e8a6cfa2f..d726c3b68 100644
--- a/files/routes/login.py
+++ b/files/routes/login.py
@@ -80,8 +80,8 @@ def login_deduct_when(resp):
 	return g.login_failed
 
 @app.post("/login")
-@limiter.limit("6/minute;10/day",
-	deduct_when=login_deduct_when)
+@limiter.limit("6/minute;10/day", deduct_when=login_deduct_when)
+@limiter.limit("6/minute;10/day", key_func=lambda:request.values.get("username").lower(), deduct_when=login_deduct_when)
 def login_post():
 	template = ''
 	g.login_failed = True