decrease edit and delete ratelimits to hinder mass-deleting and mass-editing

master
Aevann 2023-09-01 11:23:49 +03:00
parent 174adfd179
commit c2c9c79e20
3 changed files with 9 additions and 8 deletions


@ -50,6 +50,7 @@ class Service(Enum):
DEFAULT_RATELIMIT = "30/minute;200/hour;1000/day" DEFAULT_RATELIMIT = "30/minute;200/hour;1000/day"
CASINO_RATELIMIT = "100/minute;5000/hour;20000/day" CASINO_RATELIMIT = "100/minute;5000/hour;20000/day"
DELETE_EDIT_RATELIMIT = "10/minute;50/day"
PUSH_NOTIF_LIMIT = 1000 PUSH_NOTIF_LIMIT = 1000
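Review bot: `DELETE_EDIT_RATELIMIT` is added without a comment saying what it guards, and it drops the hourly window that the edit routes' previous inline limit `10/minute;100/hour;200/day` had. With only `10/minute;50/day`, the whole daily allowance can be used up within five minutes, so it is worth stating whether that is intended or whether an hourly step should stay. I would add a line above the constant such as `# Cap on successful deletes and edits, to slow mass-deleting/mass-editing from one client or account`.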


@ -424,8 +424,8 @@ def comment(v):
@app.post("/delete/comment/<int:cid>") @app.post("/delete/comment/<int:cid>")
@limiter.limit('1/second', scope=rpath) @limiter.limit('1/second', scope=rpath)
@limiter.limit('1/second', scope=rpath, key_func=get_ID) @limiter.limit('1/second', scope=rpath, key_func=get_ID)
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400) @limiter.limit(DELETE_EDIT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID) @limiter.limit(DELETE_EDIT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
@auth_required @auth_required
def delete_comment(cid, v): def delete_comment(cid, v):
if SITE == 'rdrama.net' and v.id == 253: if SITE == 'rdrama.net' and v.id == 253:
@ -625,8 +625,8 @@ def toggle_comment_nsfw(cid, v):
@app.post("/edit_comment/<int:cid>") @app.post("/edit_comment/<int:cid>")
@limiter.limit('1/second', scope=rpath) @limiter.limit('1/second', scope=rpath)
@limiter.limit('1/second', scope=rpath, key_func=get_ID) @limiter.limit('1/second', scope=rpath, key_func=get_ID)
@limiter.limit("10/minute;100/hour;200/day", deduct_when=lambda response: response.status_code < 400) @limiter.limit(DELETE_EDIT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
@limiter.limit("10/minute;100/hour;200/day", deduct_when=lambda response: response.status_code < 400, key_func=get_ID) @limiter.limit(DELETE_EDIT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
@is_not_permabanned @is_not_permabanned
def edit_comment(cid, v): def edit_comment(cid, v):
c = get_comment(cid, v=v) c = get_comment(cid, v=v)
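Review bot: The four routes that now use `DELETE_EDIT_RATELIMIT` (delete_comment and edit_comment here, delete_post_pid and edit_post in the posts file) most likely each keep their own counter, because Flask-Limiter's `limiter.limit` buckets per endpoint when no `scope` is given, which is the case on these lines. That would make the daily allowance 50 per route, not 50 destructive actions per account overall. If one combined budget is the intent, a shared bucket expresses it, e.g. `@limiter.shared_limit(DELETE_EDIT_RATELIMIT, scope='delete_edit', deduct_when=..., key_func=get_ID)`, where the scope name is a placeholder. The bodies of both functions continue outside the hunks, so any further checks there are not visible.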


@ -686,8 +686,8 @@ def submit_post(v, sub=None):
@app.post("/delete/post/<int:pid>") @app.post("/delete/post/<int:pid>")
@limiter.limit('1/second', scope=rpath) @limiter.limit('1/second', scope=rpath)
@limiter.limit('1/second', scope=rpath, key_func=get_ID) @limiter.limit('1/second', scope=rpath, key_func=get_ID)
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400) @limiter.limit(DELETE_EDIT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID) @limiter.limit(DELETE_EDIT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
@auth_required @auth_required
def delete_post_pid(pid, v): def delete_post_pid(pid, v):
p = get_post(pid) p = get_post(pid)
@ -950,8 +950,8 @@ def get_post_title(v):
@app.post("/edit_post/<int:pid>") @app.post("/edit_post/<int:pid>")
@limiter.limit('1/second', scope=rpath) @limiter.limit('1/second', scope=rpath)
@limiter.limit('1/second', scope=rpath, key_func=get_ID) @limiter.limit('1/second', scope=rpath, key_func=get_ID)
@limiter.limit("10/minute;100/hour;200/day", deduct_when=lambda response: response.status_code < 400) @limiter.limit(DELETE_EDIT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
@limiter.limit("10/minute;100/hour;200/day", deduct_when=lambda response: response.status_code < 400, key_func=get_ID) @limiter.limit(DELETE_EDIT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
@is_not_permabanned @is_not_permabanned
def edit_post(pid, v): def edit_post(pid, v):
p = get_post(pid) p = get_post(pid)