forked from MarseyWorld/MarseyWorld
Rate limiter: whitelist admins.
Due to presently hitting perpetual 429s after a mishap with lottery polling on production, among past events where admins have gotten rate-limited for doing otherwise normal admin behavior, the flask_limiter.Limiter now has a request filter to whitelist JL2+. Despite running on every request, I don't anticipate this undermining the DoS prevention power of the Limiter. It is yet unknown whether there are edge cases where running get_logged_in_user in a different spot in the request pipeline might e.g. subtly break the logged-in counters. This is not expected at present, however.
master
parent
c73f97c183
commit
4ba2098612
|
@ -1,10 +1,17 @@
|
|||
from .get import *
|
||||
from .alerts import *
|
||||
from files.helpers.const import *
|
||||
from files.__main__ import db_session
|
||||
from files.__main__ import db_session, limiter
|
||||
from random import randint
|
||||
import user_agents
|
||||
|
||||
@limiter.request_filter
|
||||
def limiter_whitelist_admins():
|
||||
v = get_logged_in_user()
|
||||
if not v:
|
||||
return False
|
||||
return v.admin_level >= 2
|
||||
|
||||
def get_logged_in_user():
|
||||
|
||||
if hasattr(g, 'v'): return g.v
|
||||
|
|
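Review bot: limiter_whitelist_admins returns True for any account with admin_level >= 2, which exempts that account from every limit the Limiter enforces, so a hijacked admin session or a runaway admin-side client (the lottery polling case in the commit message) is no longer throttled at all. Consider giving admins a higher limit, or exempting only the routes that triggered the 429s, instead of a global bypass. The filter also calls get_logged_in_user() before the limit is evaluated, so every request pays for the user lookup even when it would otherwise have been rejected; the `if hasattr(g, 'v'): return g.v` cache only saves the repeat lookup within the same request, and the side-effect concern raised in the commit message (logged-in counters) deserves a test before merge. The bare `2` would be easier to audit as a named constant, given that files.helpers.const is already imported here.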