From 6bf8f67d0ff9ae04f965804eb84e94cfb477c5df Mon Sep 17 00:00:00 2001
From: Aevann <randomname42029@gmail.com>
Date: Thu, 10 Aug 2023 00:09:15 +0300
Subject: [PATCH] disable signups when ddos detected

---
 files/routes/errors.py | 3 ++-
 files/routes/login.py  | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/files/routes/errors.py b/files/routes/errors.py
index 1e483d8933..b47e7edc88 100644
--- a/files/routes/errors.py
+++ b/files/routes/errors.py
@@ -48,7 +48,8 @@ def error_401(e):
 		qs = urlencode(dict(request.values))
 		argval = quote(f"{path}?{qs}", safe='').replace('/logged_out','')
 		if not argval: argval = '/'
-		if session.get("history") or not get_setting("signups"): return redirect(f"/login?redirect={argval}")
+		if session.get("history") or not get_setting("signups") or get_setting("ddos_detected"):
+			return redirect(f"/login?redirect={argval}")
 		else: return redirect(f"/signup?redirect={argval}")
 
 @app.errorhandler(500)
diff --git a/files/routes/login.py b/files/routes/login.py
index 084dca64d7..097c23cc2c 100644
--- a/files/routes/login.py
+++ b/files/routes/login.py
@@ -146,7 +146,7 @@ def logout(v):
 @limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
 @auth_desired
 def sign_up_get(v):
-	if not get_setting('signups'):
+	if not get_setting('signups') or get_setting("ddos_detected"):
 		abort(403, "New account registration is currently closed. Please come back later!")
 
 	if v: return redirect(SITE_FULL)
@@ -195,7 +195,7 @@ def sign_up_get(v):
 @limiter.limit("10/day", deduct_when=lambda response: response.status_code < 400)
 @auth_desired
 def sign_up_post(v):
-	if not get_setting('signups'):
+	if not get_setting('signups') or get_setting("ddos_detected"):
 		abort(403, "New account registration is currently closed. Please come back later!")
 
 	if v: abort(403)