From 4ba2098612b330dc692c3362a55bda76cb299b4d Mon Sep 17 00:00:00 2001
From: TLSM
Date: Mon, 30 May 2022 23:01:18 -0400
Subject: [PATCH] Rate limiter: whitelist admins.

Due to presently hitting perpetual 429s after a mishap with lottery polling on production, among past events where admins have gotten rate-limited for doing otherwise normal admin behavior, the flask_limiter.Limiter now has a request filter to whitelist JL2+. Despite running on every request, I don't anticipate this undermining the DoS prevention power of the Limiter. It is yet unknown whether there are edge cases where running get_logged_in_user in a different spot in the request pipeline might e.g. subtly break the logged-in counters. This is not expected at present, however.
---
 files/helpers/wrappers.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/files/helpers/wrappers.py b/files/helpers/wrappers.py
index f57601a08e..1f782cafbe 100644
--- a/files/helpers/wrappers.py
+++ b/files/helpers/wrappers.py
@@ -1,10 +1,17 @@
 from .get import *
 from .alerts import *
 from files.helpers.const import *
-from files.__main__ import db_session
+from files.__main__ import db_session, limiter
 from random import randint
 import user_agents
+@limiter.request_filter
+def limiter_whitelist_admins():
+ v = get_logged_in_user()
+ if not v:
+ return False
+ return v.admin_level >= 2
+
 def get_logged_in_user():
 if hasattr(g, 'v'): return g.v
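Review bot: `limiter_whitelist_admins` is a global, unbounded exemption: any session with `admin_level >= 2` skips every limit on every route, so a stolen or misbehaving admin session (the polling mishap in the description is one such case) is never throttled. A narrower option is to keep a separate, much higher limit for admins, or to attach the check only to the routes that produced the 429s through Flask-Limiter's per-route `exempt_when=` argument instead of `@limiter.request_filter`. The filter also calls `get_logged_in_user()` before the limiter has decided, so the user lookup is paid on every request, including unauthenticated ones the limiter would otherwise reject cheaply. Only the first line of `get_logged_in_user` is inside the hunk, so its cost, and whether it can abort or touch the logged-in counters from this earlier point in the pipeline, should be confirmed. The function also needs a docstring, for example `"""Exempt JL2+ admins from all rate limits; evaluated on every request before limits apply."""`, and the literal `2` would read better as a named constant if `files.helpers.const` provides one.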