ratelimiting: use ratelimit_user everywhere
parent
88f3cd519d
commit
427d8f643d
|
@ -81,7 +81,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None):
|
||||||
|
|
||||||
@app.post("/comment")
|
@app.post("/comment")
|
||||||
@limiter.limit("1/second;20/minute;200/hour;1000/day")
|
@limiter.limit("1/second;20/minute;200/hour;1000/day")
|
||||||
@limiter.limit("1/second;20/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@ratelimit_user("1/second;20/minute;200/hour;1000/day")
|
||||||
@auth_required
|
@auth_required
|
||||||
def comment(v):
|
def comment(v):
|
||||||
if v.is_suspended: abort(403, "You can't perform this action while banned.")
|
if v.is_suspended: abort(403, "You can't perform this action while banned.")
|
||||||
|
@ -368,7 +368,7 @@ def comment(v):
|
||||||
|
|
||||||
@app.post("/edit_comment/<cid>")
|
@app.post("/edit_comment/<cid>")
|
||||||
@limiter.limit("1/second;10/minute;100/hour;200/day")
|
@limiter.limit("1/second;10/minute;100/hour;200/day")
|
||||||
@limiter.limit("1/second;10/minute;100/hour;200/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@ratelimit_user("1/second;10/minute;100/hour;200/day")
|
||||||
@is_not_permabanned
|
@is_not_permabanned
|
||||||
def edit_comment(cid, v):
|
def edit_comment(cid, v):
|
||||||
c = get_comment(cid, v=v)
|
c = get_comment(cid, v=v)
|
||||||
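Review bot: `@ratelimit_user(...)` on `comment` and `edit_comment` sits above `@auth_required` / `@is_not_permabanned`, so the limit is evaluated before the auth decorator runs and its key cannot come from the validated `v`. The helper's definition is not shown on this page; if it still keys on `session.get("lo_user")` as the replaced lambda did, every request without that session value lands in one shared `SITE-None` bucket. I would state that contract on the helper, e.g. `# key is read from the session before auth runs; requests with no lo_user share one bucket`, and confirm it keeps the `SITE` prefix the old key had. The same applies to every other route this commit converts (the post, settings, contact, sub, user and vote handlers further down). Both function bodies continue outside the hunks.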
|
|
|
@ -310,7 +310,7 @@ def morecomments(v, cid):
|
||||||
|
|
||||||
@app.post("/edit_post/<pid>")
|
@app.post("/edit_post/<pid>")
|
||||||
@limiter.limit("1/second;10/minute;100/hour;200/day")
|
@limiter.limit("1/second;10/minute;100/hour;200/day")
|
||||||
@limiter.limit("1/second;10/minute;100/hour;200/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@ratelimit_user("1/second;10/minute;100/hour;200/day")
|
||||||
@is_not_permabanned
|
@is_not_permabanned
|
||||||
def edit_post(pid, v):
|
def edit_post(pid, v):
|
||||||
p = get_post(pid)
|
p = get_post(pid)
|
||||||
|
@ -1072,7 +1072,7 @@ extensions = IMAGE_FORMATS + VIDEO_FORMATS + AUDIO_FORMATS
|
||||||
|
|
||||||
@app.get("/submit/title")
|
@app.get("/submit/title")
|
||||||
@limiter.limit("3/minute")
|
@limiter.limit("3/minute")
|
||||||
@limiter.limit("3/minute", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@ratelimit_user("3/minute")
|
||||||
@auth_required
|
@auth_required
|
||||||
def get_post_title(v):
|
def get_post_title(v):
|
||||||
url = request.values.get("url")
|
url = request.values.get("url")
|
||||||
|
|
|
@ -580,7 +580,7 @@ def settings_security(v):
|
||||||
|
|
||||||
@app.post("/settings/block")
|
@app.post("/settings/block")
|
||||||
@limiter.limit("1/second;20/day")
|
@limiter.limit("1/second;20/day")
|
||||||
@limiter.limit("1/second;20/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@ratelimit_user("1/second;20/day")
|
||||||
@auth_required
|
@auth_required
|
||||||
def settings_block_user(v):
|
def settings_block_user(v):
|
||||||
user = get_user(request.values.get("username"), graceful=True)
|
user = get_user(request.values.get("username"), graceful=True)
|
||||||
|
@ -670,7 +670,7 @@ def settings_name_change(v):
|
||||||
@app.post("/settings/song_change_mp3")
|
@app.post("/settings/song_change_mp3")
|
||||||
@feature_required('USERS_PROFILE_SONG')
|
@feature_required('USERS_PROFILE_SONG')
|
||||||
@limiter.limit("3/second;10/day")
|
@limiter.limit("3/second;10/day")
|
||||||
@limiter.limit("3/second;10/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@ratelimit_user("3/second;10/day")
|
||||||
@auth_required
|
@auth_required
|
||||||
def settings_song_change_mp3(v):
|
def settings_song_change_mp3(v):
|
||||||
file = request.files['file']
|
file = request.files['file']
|
||||||
|
@ -698,7 +698,7 @@ def settings_song_change_mp3(v):
|
||||||
@app.post("/settings/song_change")
|
@app.post("/settings/song_change")
|
||||||
@feature_required('USERS_PROFILE_SONG')
|
@feature_required('USERS_PROFILE_SONG')
|
||||||
@limiter.limit("3/second;10/day")
|
@limiter.limit("3/second;10/day")
|
||||||
@limiter.limit("3/second;10/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@ratelimit_user("3/second;10/day")
|
||||||
@auth_required
|
@auth_required
|
||||||
def settings_song_change(v):
|
def settings_song_change(v):
|
||||||
song=request.values.get("song").strip()
|
song=request.values.get("song").strip()
|
||||||
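Review bot: In `settings_song_change`, `request.values.get("song").strip()` raises `AttributeError` when the `song` field is absent, so a malformed POST ends in a 500 instead of a client error. Default the lookup, `song = request.values.get("song", "").strip()`, and reject the empty value explicitly if the code below the hunk does not already do so. The function body continues outside the hunk.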
|
|
|
@ -208,7 +208,7 @@ def contact(v):
|
||||||
|
|
||||||
@app.post("/send_admin")
|
@app.post("/send_admin")
|
||||||
@limiter.limit("1/second;1/2 minutes;10/day")
|
@limiter.limit("1/second;1/2 minutes;10/day")
|
||||||
@limiter.limit("1/second;1/2 minutes;10/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@ratelimit_user("1/second;1/2 minutes;10/day")
|
||||||
@auth_required
|
@auth_required
|
||||||
def submit_contact(v):
|
def submit_contact(v):
|
||||||
body = request.values.get("message")
|
body = request.values.get("message")
|
||||||
|
|
|
@ -232,7 +232,7 @@ def sub_followers(v, sub):
|
||||||
|
|
||||||
@app.post("/h/<sub>/add_mod")
|
@app.post("/h/<sub>/add_mod")
|
||||||
@limiter.limit("1/second;30/day")
|
@limiter.limit("1/second;30/day")
|
||||||
@limiter.limit("1/second;30/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@ratelimit_user("1/second;30/day")
|
||||||
@is_not_permabanned
|
@is_not_permabanned
|
||||||
def add_mod(v, sub):
|
def add_mod(v, sub):
|
||||||
if SITE_NAME == 'WPD': abort(403)
|
if SITE_NAME == 'WPD': abort(403)
|
||||||
|
@ -457,7 +457,7 @@ def get_sub_css(sub):
|
||||||
|
|
||||||
@app.post("/h/<sub>/banner")
|
@app.post("/h/<sub>/banner")
|
||||||
@limiter.limit("1/second;10/day")
|
@limiter.limit("1/second;10/day")
|
||||||
@limiter.limit("1/second;10/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@ratelimit_user("1/second;10/day")
|
||||||
@is_not_permabanned
|
@is_not_permabanned
|
||||||
def sub_banner(v, sub):
|
def sub_banner(v, sub):
|
||||||
if g.is_tor: abort(403, "Image uploads are not allowed through TOR.")
|
if g.is_tor: abort(403, "Image uploads are not allowed through TOR.")
|
||||||
|
@ -490,7 +490,7 @@ def sub_banner(v, sub):
|
||||||
|
|
||||||
@app.post("/h/<sub>/sidebar_image")
|
@app.post("/h/<sub>/sidebar_image")
|
||||||
@limiter.limit("1/second;10/day")
|
@limiter.limit("1/second;10/day")
|
||||||
@limiter.limit("1/second;10/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@ratelimit_user("1/second;10/day")
|
||||||
@is_not_permabanned
|
@is_not_permabanned
|
||||||
def sub_sidebar(v, sub):
|
def sub_sidebar(v, sub):
|
||||||
if g.is_tor: abort(403, "Image uploads are not allowed through TOR.")
|
if g.is_tor: abort(403, "Image uploads are not allowed through TOR.")
|
||||||
|
@ -522,7 +522,7 @@ def sub_sidebar(v, sub):
|
||||||
|
|
||||||
@app.post("/h/<sub>/marsey_image")
|
@app.post("/h/<sub>/marsey_image")
|
||||||
@limiter.limit("1/second;10/day")
|
@limiter.limit("1/second;10/day")
|
||||||
@limiter.limit("1/second;10/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@ratelimit_user("1/second;10/day")
|
||||||
@is_not_permabanned
|
@is_not_permabanned
|
||||||
def sub_marsey(v, sub):
|
def sub_marsey(v, sub):
|
||||||
if g.is_tor: abort(403, "Image uploads are not allowed through TOR.")
|
if g.is_tor: abort(403, "Image uploads are not allowed through TOR.")
|
||||||
|
|
|
@ -255,7 +255,7 @@ def downvoting(v, username):
|
||||||
@app.post("/@<username>/suicide")
|
@app.post("/@<username>/suicide")
|
||||||
@feature_required('USERS_SUICIDE')
|
@feature_required('USERS_SUICIDE')
|
||||||
@limiter.limit("1/second;5/day")
|
@limiter.limit("1/second;5/day")
|
||||||
@limiter.limit("1/second;5/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@ratelimit_user("1/second;5/day")
|
||||||
@auth_required
|
@auth_required
|
||||||
def suicide(v, username):
|
def suicide(v, username):
|
||||||
|
|
||||||
|
@ -416,7 +416,7 @@ def unsubscribe(v, post_id):
|
||||||
|
|
||||||
@app.post("/@<username>/message")
|
@app.post("/@<username>/message")
|
||||||
@limiter.limit("1/second;10/minute;20/hour;50/day")
|
@limiter.limit("1/second;10/minute;20/hour;50/day")
|
||||||
@limiter.limit("1/second;10/minute;20/hour;50/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@ratelimit_user("1/second;10/minute;20/hour;50/day")
|
||||||
@is_not_permabanned
|
@is_not_permabanned
|
||||||
def message2(v, username):
|
def message2(v, username):
|
||||||
user = get_user(username, v=v, include_blocks=True, include_shadowbanned=False)
|
user = get_user(username, v=v, include_blocks=True, include_shadowbanned=False)
|
||||||
|
@ -481,7 +481,7 @@ def message2(v, username):
|
||||||
|
|
||||||
@app.post("/reply")
|
@app.post("/reply")
|
||||||
@limiter.limit("1/second;6/minute;50/hour;200/day")
|
@limiter.limit("1/second;6/minute;50/hour;200/day")
|
||||||
@limiter.limit("1/second;6/minute;50/hour;200/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@ratelimit_user("1/second;6/minute;50/hour;200/day")
|
||||||
@auth_required
|
@auth_required
|
||||||
def messagereply(v):
|
def messagereply(v):
|
||||||
body = sanitize_raw_body(request.values.get("body"), False)
|
body = sanitize_raw_body(request.values.get("body"), False)
|
||||||
|
|
|
@ -166,14 +166,14 @@ def vote_post_comment(target_id, new, v, cls, vote_cls):
|
||||||
|
|
||||||
@app.post("/vote/post/<post_id>/<new>")
|
@app.post("/vote/post/<post_id>/<new>")
|
||||||
@limiter.limit("5/second;60/minute;1000/hour;2000/day")
|
@limiter.limit("5/second;60/minute;1000/hour;2000/day")
|
||||||
@limiter.limit("5/second;60/minute;1000/hour;2000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@ratelimit_user("5/second;60/minute;1000/hour;2000/day")
|
||||||
@is_not_permabanned
|
@is_not_permabanned
|
||||||
def vote_post(post_id, new, v):
|
def vote_post(post_id, new, v):
|
||||||
return vote_post_comment(post_id, new, v, Submission, Vote)
|
return vote_post_comment(post_id, new, v, Submission, Vote)
|
||||||
|
|
||||||
@app.post("/vote/comment/<comment_id>/<new>")
|
@app.post("/vote/comment/<comment_id>/<new>")
|
||||||
@limiter.limit("5/second;60/minute;1000/hour;2000/day")
|
@limiter.limit("5/second;60/minute;1000/hour;2000/day")
|
||||||
@limiter.limit("5/second;60/minute;1000/hour;2000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
|
@ratelimit_user("5/second;60/minute;1000/hour;2000/day")
|
||||||
@is_not_permabanned
|
@is_not_permabanned
|
||||||
def vote_comment(comment_id, new, v):
|
def vote_comment(comment_id, new, v):
|
||||||
return vote_post_comment(comment_id, new, v, Comment, CommentVote)
|
return vote_post_comment(comment_id, new, v, Comment, CommentVote)
|
||||||
|
|