Rate limiter: whitelist admins.

Due to presently hitting perpetual 429s after a mishap with lottery
polling on production, among past events where admins have gotten
rate-limited for doing otherwise normal admin behavior, the
flask_limiter.Limiter now has a request filter to whitelist JL2+.
Despite running on every request, I don't anticipate this undermining
the DoS prevention power of the Limiter.

It is yet unknown whether there are edge cases where running
get_logged_in_user in a different spot in the request pipeline might
e.g. subtly break the logged-in counters. This is not expected at
present, however.
master
Snakes 2022-05-30 23:01:18 -04:00
parent c73f97c183
commit 4ba2098612
1 changed files with 8 additions and 1 deletions

@ -1,10 +1,17 @@
from .get import *
from .alerts import *
from files.helpers.const import *
from files.__main__ import db_session
from files.__main__ import db_session, limiter
from random import randint
import user_agents
@limiter.request_filter
def limiter_whitelist_admins():
v = get_logged_in_user()
if not v:
return False
return v.admin_level >= 2
def get_logged_in_user():
if hasattr(g, 'v'): return g.v
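Review bot: in limiter_whitelist_admins, the call to get_logged_in_user() is unguarded and runs before any limit is evaluated, so anything it raises surfaces from the rate-limit check itself, and whatever work it does beyond the `hasattr(g, 'v')` cache check is now paid on requests the limiter would otherwise have rejected cheaply. Suggest catching failures in the filter and returning False so the request stays limited, and adding a comment that this is now the first place g.v may be populated, since the commit message itself flags the ordering as unverified. Two smaller points: a request_filter exempts the request from every limit on this Limiter, so any session that resolves to admin_level >= 2 has no request ceiling at all, and a separate, higher admin limit would keep a bound in place; and the literal in `return v.admin_level >= 2` would be clearer as a named constant alongside the others star-imported from files.helpers.const.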