disable signups when ddos detected

files/routes/errors.py

@@ -48,7 +48,8 @@ def error_401(e):
 		qs = urlencode(dict(request.values))
 		argval = quote(f"{path}?{qs}", safe='').replace('/logged_out','')
 		if not argval: argval = '/'
-		if session.get("history") or not get_setting("signups"): return redirect(f"/login?redirect={argval}")
+		if session.get("history") or not get_setting("signups") or get_setting("ddos_detected"):
+			return redirect(f"/login?redirect={argval}")
 		else: return redirect(f"/signup?redirect={argval}")
 
 @app.errorhandler(500)

files/routes/login.py

@@ -146,7 +146,7 @@ def logout(v):
 @limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
 @auth_desired
 def sign_up_get(v):
-	if not get_setting('signups'):
+	if not get_setting('signups') or get_setting("ddos_detected"):
 		abort(403, "New account registration is currently closed. Please come back later!")
 
 	if v: return redirect(SITE_FULL)
@@ -195,7 +195,7 @@ def sign_up_get(v):
 @limiter.limit("10/day", deduct_when=lambda response: response.status_code < 400)
 @auth_desired
 def sign_up_post(v):
-	if not get_setting('signups'):
+	if not get_setting('signups') or get_setting("ddos_detected"):
 		abort(403, "New account registration is currently closed. Please come back later!")
 
 	if v: abort(403)