From 6bf8f67d0ff9ae04f965804eb84e94cfb477c5df Mon Sep 17 00:00:00 2001
From: Aevann
Date: Thu, 10 Aug 2023 00:09:15 +0300
Subject: [PATCH] disable signups when ddos detected
---
 files/routes/errors.py | 3 ++-
 files/routes/login.py | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/files/routes/errors.py b/files/routes/errors.py
index 1e483d893..b47e7edc8 100644
--- a/files/routes/errors.py
+++ b/files/routes/errors.py
@@ -48,7 +48,8 @@ def error_401(e):
 qs = urlencode(dict(request.values))
 argval = quote(f"{path}?{qs}", safe='').replace('/logged_out','')
 if not argval: argval = '/'
- if session.get("history") or not get_setting("signups"): return redirect(f"/login?redirect={argval}")
+ if session.get("history") or not get_setting("signups") or get_setting("ddos_detected"):
+ return redirect(f"/login?redirect={argval}")
 else: return redirect(f"/signup?redirect={argval}")
 @app.errorhandler(500)
diff --git a/files/routes/login.py b/files/routes/login.py
index 084dca64d..097c23cc2 100644
--- a/files/routes/login.py
+++ b/files/routes/login.py
@@ -146,7 +146,7 @@ def logout(v):
 @limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
 @auth_desired
 def sign_up_get(v):
- if not get_setting('signups'):
+ if not get_setting('signups') or get_setting("ddos_detected"):
 abort(403, "New account registration is currently closed. Please come back later!")
 if v: return redirect(SITE_FULL)
@@ -195,7 +195,7 @@ def sign_up_get(v):
 @limiter.limit("10/day", deduct_when=lambda response: response.status_code < 400)
 @auth_desired
 def sign_up_post(v):
- if not get_setting('signups'):
+ if not get_setting('signups') or get_setting("ddos_detected"):
 abort(403, "New account registration is currently closed. Please come back later!")
 if v: abort(403)
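Review bot: The registration gate `not get_setting("signups") or get_setting("ddos_detected")` is now written out three times, here in error_401 and again in sign_up_get and sign_up_post in files/routes/login.py, so a later edit to one copy can leave the 401 redirect and the signup routes disagreeing about whether registration is open. A single helper beside get_setting, for example `def signups_open(): return bool(get_setting("signups")) and not get_setting("ddos_detected")`, would keep the three call sites in step and give one place to document the policy. Because this handler runs on every 401, it is also worth confirming that get_setting tolerates the `ddos_detected` key being absent on an instance that has never stored it. error_401 begins before this hunk, so `path` is defined outside the visible lines.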
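Review bot: While `ddos_detected` is set, every request to sign_up_get (and to sign_up_post in the next hunk) ends in `abort(403, ...)`, and both routes pass `deduct_when=lambda response: response.status_code < 400` to the limiter, so, assuming the usual Flask-Limiter semantics, these rejected requests are never counted against the rate limit. The new check also sits inside the function body, after `@auth_desired` has run; if that decorator does session or database work, each rejected request still pays for it during the period the flag is meant to protect. Consider a separate limit that applies in the closed state, or moving the check ahead of authentication, and add a comment such as `# closed-state 403s are not deducted by the limiter above` so the interaction is visible to the next reader. The bodies of both functions continue past their hunks.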