aggressive ratelimit for anything that sends mail to prevent email services flagging us as spam
parent
0ae54086dd
commit
25e2a3388e
|
@ -495,7 +495,7 @@ def lost_2fa(v):
|
|||
|
||||
@app.post("/lost_2fa")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit("6/minute;200/hour;1000/day", deduct_when=lambda response: response.status_code < 400)
|
||||
@limiter.limit("3/day", deduct_when=lambda response: response.status_code < 400)
|
||||
def lost_2fa_post():
|
||||
username = request.values.get("username")
|
||||
user = get_user(username, graceful=True)
|
||||
|
|
|
@ -12,8 +12,8 @@ from files.__main__ import app, limiter
|
|||
@app.post("/verify_email")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||
@limiter.limit('3/day', deduct_when=lambda response: response.status_code < 400)
|
||||
@limiter.limit('3/day', deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||
@auth_required
|
||||
def verify_email(v):
|
||||
if v.email_verified:
|
||||
|
|
|
@ -492,8 +492,8 @@ def verifiedcolor(v):
|
|||
@app.post("/settings/security")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||
@limiter.limit('10/day', deduct_when=lambda response: response.status_code < 400)
|
||||
@limiter.limit('10/day', deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||
@auth_required
|
||||
def settings_security_post(v):
|
||||
if request.values.get("new_password"):
|
||||
|
|
Loading…
Reference in New Issue