default ratelimit and default ratelimit slower
parent
a84a20a12b
commit
aa272729f1
|
@ -53,6 +53,10 @@ CONTENT_SECURITY_POLICY_HOME = f"script-src 'self' 'unsafe-inline' 'unsafe-eval'
|
|||
|
||||
CLOUDFLARE_COOKIE_VALUE = "yes."
|
||||
|
||||
DEFAULT_RATELIMIT = "3/second;30/minute;200/hour;1000/day"
|
||||
DEFAULT_RATELIMIT_SLOWER = "1/second;30/minute;200/hour;1000/day"
|
||||
DEFAULT_RATELIMIT_USER = DEFAULT_RATELIMIT_SLOWER
|
||||
|
||||
if SITE == "localhost": SITE_FULL = 'http://' + SITE
|
||||
else: SITE_FULL = 'https://' + SITE
|
||||
|
||||
|
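Review bot: The three new constants are added without a comment saying which one belongs on which kind of route, and `DEFAULT_RATELIMIT` is not used by any hunk visible on this page, so its intended scope is unclear. `DEFAULT_RATELIMIT_USER` is a plain alias of `DEFAULT_RATELIMIT_SLOWER`, so a later edit to the per-client limit also changes the per-account limit without anyone choosing that. I would add a comment above the block along the lines of `# Rate-limit strings: DEFAULT_RATELIMIT_SLOWER is the per-client limit on state-changing routes, DEFAULT_RATELIMIT_USER the per-account limit applied by ratelimit_user()`, adjusted to whatever the real intent is.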
|
|
@ -146,5 +146,5 @@ def feature_required(x):
|
|||
return wrapper
|
||||
return wrapper_maker
|
||||
|
||||
def ratelimit_user(limit="1/second;30/minute;200/hour;1000/day"):
|
||||
def ratelimit_user(limit=DEFAULT_RATELIMIT_USER):
|
||||
return limiter.limit(limit, key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
||||
|
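Review bot: The key function in `ratelimit_user` builds its bucket from `session.get("lo_user")`, which is `None` whenever the session lacks that key, so all such requests are counted against the single bucket `{SITE}-None`. At 1/second that shared bucket is easy to keep full, and any route that stacks `@ratelimit_user()` on a handler reachable without a logged-in session would then be throttled for every other session-less client too. Falling back to the client address keeps the buckets apart, e.g. `key_func=lambda: f'{SITE}-{session.get("lo_user") or get_remote_address()}'`, assuming `limiter` is Flask-Limiter, whose `flask_limiter.util` provides `get_remote_address`. Whether this file imports it is not visible here. A one-line docstring stating that this is the per-account limit, applied on top of the default-keyed `limiter.limit`, would also help readers of the decorator stacks in the route files.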
|
|
@ -50,7 +50,7 @@ def send_verification_email(user, email=None):
|
|||
|
||||
|
||||
@app.post("/verify_email")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def verify_email(v):
|
||||
|
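Review bot: `/verify_email` is put on the same `DEFAULT_RATELIMIT_SLOWER` as ordinary actions, which still permits 30 requests a minute and 1000 a day on a route that, judging by the neighbouring `send_verification_email`, triggers outbound mail. A mail-sending route usually warrants its own, much tighter constant so that it cannot be used to flood a mailbox or exhaust the sending quota, for example `@limiter.limit(EMAIL_RATELIMIT)` with `EMAIL_RATELIMIT` defined next to the other defaults (the name is constructed here, not taken from the project). The body of `verify_email` lies outside the hunk, so confirm what it sends before picking the numbers.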
|
|
@ -193,7 +193,7 @@ def remove_admin(v, username):
|
|||
return {"message": f"@{user.username} has been removed as admin!"}
|
||||
|
||||
@app.post("/distribute/<option_id>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['POST_BETS_DISTRIBUTE'])
|
||||
def distribute(v, option_id):
|
||||
autojanny = get_account(AUTOJANNY_ID)
|
||||
|
@ -249,7 +249,7 @@ def distribute(v, option_id):
|
|||
return {"message": f"Each winner has received {coinsperperson} coins!"}
|
||||
|
||||
@app.post("/@<username>/revert_actions")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['ADMIN_ACTIONS_REVERT'])
|
||||
def revert_actions(v, username):
|
||||
user = get_user(username)
|
||||
|
@ -299,7 +299,7 @@ def revert_actions(v, username):
|
|||
return {"message": f"@{user.username}'s admin actions have been reverted!"}
|
||||
|
||||
@app.post("/@<username>/club_allow")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['USER_CLUB_ALLOW_BAN'])
|
||||
def club_allow(v, username):
|
||||
u = get_user(username, v=v)
|
||||
|
@ -325,7 +325,7 @@ def club_allow(v, username):
|
|||
return {"message": f"@{u.username} has been allowed into the {CC_TITLE}!"}
|
||||
|
||||
@app.post("/@<username>/club_ban")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['USER_CLUB_ALLOW_BAN'])
|
||||
def club_ban(v, username):
|
||||
u = get_user(username, v=v)
|
||||
|
@ -528,7 +528,7 @@ def badge_grant_get(v):
|
|||
return render_template("admin/badge_admin.html", v=v, badge_types=badges, grant=grant)
|
||||
|
||||
@app.post("/admin/badge_grant")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['USER_BADGES'])
|
||||
@feature_required('BADGES')
|
||||
def badge_grant_post(v):
|
||||
|
@ -577,7 +577,7 @@ def badge_grant_post(v):
|
|||
return render_template("admin/badge_admin.html", v=v, badge_types=badges, grant=True, msg=f"{new_badge.name} Badge granted to @{user.username} successfully!")
|
||||
|
||||
@app.post("/admin/badge_remove")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['USER_BADGES'])
|
||||
@feature_required('BADGES')
|
||||
def badge_remove_post(v):
|
||||
|
@ -740,7 +740,7 @@ def alt_votes_get(v):
|
|||
|
||||
|
||||
@app.post("/admin/link_accounts")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['USER_LINK'])
|
||||
def admin_link_accounts(v):
|
||||
u1 = get_account(request.values.get("u1")).id
|
||||
|
@ -837,7 +837,7 @@ def unagendaposter(user_id, v):
|
|||
|
||||
|
||||
@app.post("/shadowban/<user_id>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['USER_SHADOWBAN'])
|
||||
def shadowban(user_id, v):
|
||||
user = get_account(user_id)
|
||||
|
@ -868,7 +868,7 @@ def shadowban(user_id, v):
|
|||
return {"message": f"@{user.username} has been shadowbanned!"}
|
||||
|
||||
@app.post("/unshadowban/<user_id>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['USER_SHADOWBAN'])
|
||||
def unshadowban(user_id, v):
|
||||
user = get_account(user_id)
|
||||
|
@ -893,7 +893,7 @@ def unshadowban(user_id, v):
|
|||
|
||||
|
||||
@app.post("/admin/title_change/<user_id>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['USER_TITLE_CHANGE'])
|
||||
def admin_title_change(user_id, v):
|
||||
|
||||
|
@ -929,7 +929,7 @@ def admin_title_change(user_id, v):
|
|||
return {"message": f"@{user.username}'s flair has been changed!"}
|
||||
|
||||
@app.post("/ban_user/<user_id>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['USER_BAN'])
|
||||
def ban_user(user_id, v):
|
||||
user = get_account(user_id)
|
||||
|
@ -1064,7 +1064,7 @@ def agendaposter(user_id, v):
|
|||
|
||||
|
||||
@app.post("/unban_user/<user_id>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['USER_BAN'])
|
||||
def unban_user(user_id, v):
|
||||
user = get_account(user_id)
|
||||
|
@ -1097,7 +1097,7 @@ def unban_user(user_id, v):
|
|||
return {"message": f"@{user.username} has been unbanned!"}
|
||||
|
||||
@app.post("/mute_user/<int:user_id>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['USER_BAN'])
|
||||
def mute_user(v, user_id):
|
||||
user = get_account(user_id)
|
||||
|
@ -1116,7 +1116,7 @@ def mute_user(v, user_id):
|
|||
|
||||
|
||||
@app.post("/unmute_user/<int:user_id>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['USER_BAN'])
|
||||
def unmute_user(v, user_id):
|
||||
user = get_account(user_id)
|
||||
|
@ -1135,7 +1135,7 @@ def unmute_user(v, user_id):
|
|||
|
||||
|
||||
@app.post("/remove_post/<post_id>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
|
||||
def remove_post(post_id, v):
|
||||
post = get_post(post_id)
|
||||
|
@ -1163,7 +1163,7 @@ def remove_post(post_id, v):
|
|||
|
||||
|
||||
@app.post("/approve_post/<post_id>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
|
||||
def approve_post(post_id, v):
|
||||
|
||||
|
@ -1336,7 +1336,7 @@ def unsticky_comment(cid, v):
|
|||
|
||||
|
||||
@app.post("/remove_comment/<c_id>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
|
||||
def remove_comment(c_id, v):
|
||||
comment = get_comment(c_id)
|
||||
|
@ -1356,7 +1356,7 @@ def remove_comment(c_id, v):
|
|||
|
||||
|
||||
@app.post("/approve_comment/<c_id>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
|
||||
def approve_comment(c_id, v):
|
||||
|
||||
|
@ -1418,7 +1418,7 @@ def admin_banned_domains(v):
|
|||
return render_template("admin/banned_domains.html", v=v, banned_domains=banned_domains)
|
||||
|
||||
@app.post("/admin/ban_domain")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['DOMAINS_BAN'])
|
||||
def ban_domain(v):
|
||||
|
||||
|
@ -1443,7 +1443,7 @@ def ban_domain(v):
|
|||
|
||||
|
||||
@app.post("/admin/unban_domain/<domain>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['DOMAINS_BAN'])
|
||||
def unban_domain(v, domain):
|
||||
existing = g.db.get(BannedDomain, domain)
|
||||
|
@ -1462,7 +1462,7 @@ def unban_domain(v, domain):
|
|||
|
||||
|
||||
@app.post("/admin/nuke_user")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
|
||||
def admin_nuke_user(v):
|
||||
|
||||
|
@ -1495,7 +1495,7 @@ def admin_nuke_user(v):
|
|||
|
||||
|
||||
@app.post("/admin/unnuke_user")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
|
||||
def admin_nunuke_user(v):
|
||||
|
||||
|
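Review bot: Every admin route in this file section carries only `@limiter.limit(DEFAULT_RATELIMIT_SLOWER)` and no `@ratelimit_user()`, unlike the authenticated user routes in the other files, so the limit on `/ban_user`, `/admin/nuke_user`, `/distribute` and the rest follows the limiter's default key rather than the admin account. That default key is not visible on this page and is often the client address. If the omission is deliberate, a short comment such as `# admin routes: per-client limit only, no per-account bucket` on the first route would stop someone from "fixing" it later. If it is not, adding `@ratelimit_user()` directly under the `limiter.limit` line bounds what one admin session can do regardless of how many addresses it arrives from. The `/admin/app/*` routes and `/settings/kofi` further down the page show the same pattern.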
|
|
@ -120,7 +120,7 @@ def buy(v, award):
|
|||
return {"message": f"{award_title} award bought!"}
|
||||
|
||||
@app.post("/award/<thing_type>/<id>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@is_not_permabanned
|
||||
@feature_required('AWARDS')
|
||||
|
|
|
@ -457,7 +457,7 @@ def edit_comment(cid, v):
|
|||
|
||||
|
||||
@app.post("/delete/comment/<cid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def delete_comment(cid, v):
|
||||
|
@ -485,7 +485,7 @@ def delete_comment(cid, v):
|
|||
return {"message": "Comment deleted!"}
|
||||
|
||||
@app.post("/undelete/comment/<cid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def undelete_comment(cid, v):
|
||||
|
@ -557,7 +557,7 @@ def unpin_comment(cid, v):
|
|||
|
||||
|
||||
@app.post("/save_comment/<cid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def save_comment(cid, v):
|
||||
|
@ -574,7 +574,7 @@ def save_comment(cid, v):
|
|||
return {"message": "Comment saved!"}
|
||||
|
||||
@app.post("/unsave_comment/<cid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def unsave_comment(cid, v):
|
||||
|
@ -610,7 +610,7 @@ def diff_words(answer, guess):
|
|||
|
||||
|
||||
@app.post("/wordle/<cid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def handle_wordle_action(cid, v):
|
||||
|
|
|
@ -180,7 +180,7 @@ def me(v):
|
|||
|
||||
|
||||
@app.post("/logout")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def logout(v):
|
||||
|
@ -397,7 +397,7 @@ def get_forgot():
|
|||
|
||||
|
||||
@app.post("/forgot")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
def post_forgot():
|
||||
|
||||
username = request.values.get("username")
|
||||
|
@ -469,7 +469,7 @@ def get_reset():
|
|||
|
||||
|
||||
@app.post("/reset")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@auth_desired
|
||||
def post_reset(v):
|
||||
if v: return redirect('/')
|
||||
|
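Review bot: `/forgot` and `/reset` are limited only by `@limiter.limit(DEFAULT_RATELIMIT_SLOWER)`, which presumably keys on the client (the limiter's default key is not visible here), so nothing on these lines bounds how many reset mails one account receives or how many reset attempts are made against one account across clients. `post_forgot` reads `username` from the request, which gives a natural second key: `@limiter.limit(RESET_RATELIMIT, key_func=lambda: f'{SITE}-forgot-{request.values.get("username", "").lower()}')`, where `RESET_RATELIMIT` is a constructed name for a limit far below 1000/day. Both handler bodies continue outside the hunks, so check whether a per-account cap already exists there before adding one.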
|
|
@ -17,7 +17,7 @@ def authorize_prompt(v):
|
|||
|
||||
|
||||
@app.post("/authorize")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def authorize(v):
|
||||
|
@ -39,7 +39,7 @@ def authorize(v):
|
|||
|
||||
|
||||
@app.post("/rescind/<aid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def rescind(v, aid):
|
||||
|
@ -51,7 +51,7 @@ def rescind(v, aid):
|
|||
|
||||
|
||||
@app.post("/api_keys")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@is_not_permabanned
|
||||
def request_api_keys(v):
|
||||
|
@ -93,7 +93,7 @@ def request_api_keys(v):
|
|||
|
||||
|
||||
@app.post("/delete_app/<aid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def delete_oauth_app(v, aid):
|
||||
|
@ -116,7 +116,7 @@ def delete_oauth_app(v, aid):
|
|||
|
||||
|
||||
@app.post("/edit_app/<aid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@is_not_permabanned
|
||||
def edit_oauth_app(v, aid):
|
||||
|
@ -140,7 +140,7 @@ def edit_oauth_app(v, aid):
|
|||
|
||||
|
||||
@app.post("/admin/app/approve/<aid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['APPS_MODERATION'])
|
||||
def admin_app_approve(v, aid):
|
||||
|
||||
|
@ -176,7 +176,7 @@ def admin_app_approve(v, aid):
|
|||
|
||||
|
||||
@app.post("/admin/app/revoke/<aid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['APPS_MODERATION'])
|
||||
def admin_app_revoke(v, aid):
|
||||
|
||||
|
@ -201,7 +201,7 @@ def admin_app_revoke(v, aid):
|
|||
|
||||
|
||||
@app.post("/admin/app/reject/<aid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@admin_level_required(PERMS['APPS_MODERATION'])
|
||||
def admin_app_reject(v, aid):
|
||||
|
||||
|
@ -284,7 +284,7 @@ def admin_apps_list(v):
|
|||
|
||||
|
||||
@app.post("/reroll/<aid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def reroll_oauth_tokens(aid, v):
|
||||
|
|
|
@ -78,7 +78,7 @@ def unclub_post(pid, v):
|
|||
|
||||
|
||||
@app.post("/publish/<pid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def publish(pid, v):
|
||||
|
@ -226,7 +226,7 @@ def post_id(pid, anything=None, v=None, sub=None):
|
|||
fart=app.config['SETTINGS']['Fart mode'])
|
||||
|
||||
@app.get("/viewmore/<pid>/<sort>/<offset>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@auth_desired_with_logingate
|
||||
def viewmore(v, pid, sort, offset):
|
||||
post = get_post(pid, v=v)
|
||||
|
@ -282,7 +282,7 @@ def viewmore(v, pid, sort, offset):
|
|||
|
||||
|
||||
@app.get("/morecomments/<cid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@auth_desired_with_logingate
|
||||
def morecomments(v, cid):
|
||||
try: cid = int(cid)
|
||||
|
@ -954,7 +954,7 @@ def submit_post(v, sub=None):
|
|||
|
||||
|
||||
@app.post("/delete_post/<pid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def delete_post_pid(pid, v):
|
||||
|
@ -981,7 +981,7 @@ def delete_post_pid(pid, v):
|
|||
return {"message": "Post deleted!"}
|
||||
|
||||
@app.post("/undelete_post/<pid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def undelete_post_pid(pid, v):
|
||||
|
@ -1037,7 +1037,7 @@ def toggle_post_nsfw(pid, v):
|
|||
else: return {"message": "Post has been unmarked as +18!"}
|
||||
|
||||
@app.post("/save_post/<pid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def save_post(pid, v):
|
||||
|
@ -1053,7 +1053,7 @@ def save_post(pid, v):
|
|||
return {"message": "Post saved!"}
|
||||
|
||||
@app.post("/unsave_post/<pid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def unsave_post(pid, v):
|
||||
|
|
|
@ -8,7 +8,7 @@ from os import path
|
|||
from files.helpers.sanitize import filter_emojis_only
|
||||
|
||||
@app.post("/report/post/<pid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def flag_post(pid, v):
|
||||
|
@ -61,7 +61,7 @@ def flag_post(pid, v):
|
|||
|
||||
|
||||
@app.post("/report/comment/<cid>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def flag_comment(cid, v):
|
||||
|
|
|
@ -27,7 +27,7 @@ def settings_personal(v):
|
|||
return render_template("settings/personal.html", v=v)
|
||||
|
||||
@app.delete('/settings/background')
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def remove_background(v):
|
||||
|
@ -37,7 +37,7 @@ def remove_background(v):
|
|||
return {"message": "Background removed!"}
|
||||
|
||||
@app.post("/settings/personal")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def settings_personal_post(v):
|
||||
|
@ -318,21 +318,21 @@ def set_color(v:User, attr:str, color:Optional[str]):
|
|||
|
||||
|
||||
@app.post("/settings/namecolor")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def namecolor(v):
|
||||
return set_color(v, "namecolor", request.values.get("namecolor"))
|
||||
|
||||
@app.post("/settings/themecolor")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def themecolor(v):
|
||||
return set_color(v, "themecolor", request.values.get("themecolor"))
|
||||
|
||||
@app.post("/settings/gumroad")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def gumroad(v):
|
||||
|
@ -368,14 +368,14 @@ def gumroad(v):
|
|||
return {"message": f"{patron} rewards claimed!"}
|
||||
|
||||
@app.post("/settings/titlecolor")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def titlecolor(v):
|
||||
return set_color(v, "titlecolor", request.values.get("titlecolor"))
|
||||
|
||||
@app.post("/settings/verifiedcolor")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def verifiedcolor(v):
|
||||
|
@ -383,7 +383,7 @@ def verifiedcolor(v):
|
|||
return set_color(v, "verifiedcolor", "verifiedcolor")
|
||||
|
||||
@app.post("/settings/security")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def settings_security_post(v):
|
||||
|
@ -456,7 +456,7 @@ def settings_security_post(v):
|
|||
return render_template("settings/security.html", v=v, msg="Two-factor authentication disabled.")
|
||||
|
||||
@app.post("/settings/log_out_all_others")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def settings_log_out_others(v):
|
||||
|
@ -471,7 +471,7 @@ def settings_log_out_others(v):
|
|||
|
||||
|
||||
@app.post("/settings/images/profile")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def settings_images_profile(v):
|
||||
|
@ -506,7 +506,7 @@ def settings_images_profile(v):
|
|||
|
||||
|
||||
@app.post("/settings/images/banner")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
@feature_required('USERS_PROFILE_BANNER')
|
||||
|
@ -534,7 +534,7 @@ def settings_css_get(v):
|
|||
return render_template("settings/css.html", v=v)
|
||||
|
||||
@app.post("/settings/css")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def settings_css(v):
|
||||
|
@ -548,7 +548,7 @@ def settings_css(v):
|
|||
return render_template("settings/css.html", v=v)
|
||||
|
||||
@app.post("/settings/profilecss")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def settings_profilecss(v):
|
||||
|
@ -597,7 +597,7 @@ def settings_block_user(v):
|
|||
|
||||
|
||||
@app.post("/settings/unblock")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def settings_unblock_user(v):
|
||||
|
@ -621,7 +621,7 @@ def settings_advanced_get(v):
|
|||
return render_template("settings/advanced.html", v=v)
|
||||
|
||||
@app.post("/settings/name_change")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@is_not_permabanned
|
||||
def settings_name_change(v):
|
||||
|
@ -763,7 +763,7 @@ def settings_song_change(v):
|
|||
return redirect("/settings/personal")
|
||||
|
||||
@app.post("/settings/title_change")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def settings_title_change(v):
|
||||
|
@ -787,7 +787,7 @@ def settings_title_change(v):
|
|||
|
||||
|
||||
@app.post("/settings/pronouns_change")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
@feature_required('PRONOUNS')
|
||||
|
@ -814,7 +814,7 @@ def settings_pronouns_change(v):
|
|||
|
||||
|
||||
@app.post("/settings/checkmark_text")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def settings_checkmark_text(v):
|
||||
|
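Review bot: `/settings/security` ends up on the same `DEFAULT_RATELIMIT_SLOWER` as cosmetic routes such as `/settings/namecolor`, although the context line `Two-factor authentication disabled.` in the next hunk shows that `settings_security_post` changes 2FA state. If that handler checks the current password or a TOTP code, 30 tries a minute and 1000 a day per key is a generous guessing budget for someone holding a stolen session. A separate stricter constant for credential-changing routes, e.g. `@limiter.limit(SENSITIVE_RATELIMIT)` (name constructed here), would keep the two cases apart. The handler body is outside the hunk, so confirm what it verifies.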
|
|
@ -386,7 +386,7 @@ def sub_settings(v, sub):
|
|||
|
||||
|
||||
@app.post('/h/<sub>/sidebar')
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@is_not_permabanned
|
||||
def post_sub_sidebar(v, sub):
|
||||
|
@ -411,7 +411,7 @@ def post_sub_sidebar(v, sub):
|
|||
|
||||
|
||||
@app.post('/h/<sub>/css')
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@is_not_permabanned
|
||||
def post_sub_css(v, sub):
|
||||
|
|
|
@ -312,14 +312,14 @@ def transfer_currency(v:User, username:str, currency_name:Literal['coins', 'proc
|
|||
return {"message": f"{amount - tax} {friendly_currency_name} have been transferred to @{receiver.username}"}
|
||||
|
||||
@app.post("/@<username>/transfer_coins")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@is_not_permabanned
|
||||
def transfer_coins(v, username):
|
||||
return transfer_currency(v, username, 'coins', True)
|
||||
|
||||
@app.post("/@<username>/transfer_bux")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@is_not_permabanned
|
||||
@feature_required('PROCOINS')
|
||||
|
@ -392,7 +392,7 @@ def song(song):
|
|||
return resp
|
||||
|
||||
@app.post("/subscribe/<post_id>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def subscribe(v, post_id):
|
||||
|
@ -403,7 +403,7 @@ def subscribe(v, post_id):
|
|||
return {"message": "Subscribed to post successfully!"}
|
||||
|
||||
@app.post("/unsubscribe/<post_id>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def unsubscribe(v, post_id):
|
||||
|
@ -831,7 +831,7 @@ def u_user_id_info(id, v=None):
|
|||
return user.json
|
||||
|
||||
@app.post("/follow/<username>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def follow_user(username, v):
|
||||
|
@ -858,7 +858,7 @@ def follow_user(username, v):
|
|||
return {"message": f"@{target.username} has been followed!"}
|
||||
|
||||
@app.post("/unfollow/<username>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def unfollow_user(username, v):
|
||||
|
@ -886,7 +886,7 @@ def unfollow_user(username, v):
|
|||
return {"message": f"@{target.username} has been unfollowed!"}
|
||||
|
||||
@app.post("/remove_follow/<username>")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@ratelimit_user()
|
||||
@auth_required
|
||||
def remove_follow(username, v):
|
||||
|
@ -1082,7 +1082,7 @@ kofi_tiers={
|
|||
}
|
||||
|
||||
@app.post("/settings/kofi")
|
||||
@limiter.limit("1/second;30/minute;200/hour;1000/day")
|
||||
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
|
||||
@auth_required
|
||||
def settings_kofi(v):
|
||||
if not (v.email and v.is_activated):
|
||||
|
|