aggressive ratelimit for anything that sends mail to prevent email services flagging us as spam
parent
0ae54086dd
commit
25e2a3388e
|
@ -495,7 +495,7 @@ def lost_2fa(v):
|
||||||
|
|
||||||
@app.post("/lost_2fa")
|
@app.post("/lost_2fa")
|
||||||
@limiter.limit('1/second', scope=rpath)
|
@limiter.limit('1/second', scope=rpath)
|
||||||
@limiter.limit("6/minute;200/hour;1000/day", deduct_when=lambda response: response.status_code < 400)
|
@limiter.limit("3/day", deduct_when=lambda response: response.status_code < 400)
|
||||||
def lost_2fa_post():
|
def lost_2fa_post():
|
||||||
username = request.values.get("username")
|
username = request.values.get("username")
|
||||||
user = get_user(username, graceful=True)
|
user = get_user(username, graceful=True)
|
||||||
|
|
|
@ -12,8 +12,8 @@ from files.__main__ import app, limiter
|
||||||
@app.post("/verify_email")
|
@app.post("/verify_email")
|
||||||
@limiter.limit('1/second', scope=rpath)
|
@limiter.limit('1/second', scope=rpath)
|
||||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
@limiter.limit('3/day', deduct_when=lambda response: response.status_code < 400)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
@limiter.limit('3/day', deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||||
@auth_required
|
@auth_required
|
||||||
def verify_email(v):
|
def verify_email(v):
|
||||||
if v.email_verified:
|
if v.email_verified:
|
||||||
|
|
|
@ -492,8 +492,8 @@ def verifiedcolor(v):
|
||||||
@app.post("/settings/security")
|
@app.post("/settings/security")
|
||||||
@limiter.limit('1/second', scope=rpath)
|
@limiter.limit('1/second', scope=rpath)
|
||||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
@limiter.limit('10/day', deduct_when=lambda response: response.status_code < 400)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
@limiter.limit('10/day', deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||||
@auth_required
|
@auth_required
|
||||||
def settings_security_post(v):
|
def settings_security_post(v):
|
||||||
if request.values.get("new_password"):
|
if request.values.get("new_password"):
|
||||||
|
|
Loading…
Reference in New Issue