add 1/1 second ratelimiter for user ids to fix blackjack exploit
parent
0ce52ec78a
commit
5bc6597188
|
|
@ -77,6 +77,7 @@ def edit_rules_get(v):
|
|||
|
||||
@app.post('/admin/edit_rules')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("30/minute;200/hour;1000/day")
|
||||
@limiter.limit("30/minute;200/hour;1000/day", key_func=get_ID)
|
||||
@admin_level_required(PERMS['EDIT_RULES'])
|
||||
|
|
@ -96,6 +97,7 @@ def edit_rules_post(v):
|
|||
|
||||
@app.post("/@<username>/make_admin")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['ADMIN_ADD'])
|
||||
|
|
@ -119,6 +121,7 @@ def make_admin(v:User, username):
|
|||
|
||||
@app.post("/@<username>/remove_admin")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['ADMIN_REMOVE'])
|
||||
|
|
@ -148,6 +151,7 @@ def remove_admin(v:User, username):
|
|||
|
||||
@app.post("/distribute/<kind>/<int:option_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['POST_BETS_DISTRIBUTE'])
|
||||
|
|
@ -217,6 +221,7 @@ def distribute(v:User, kind, option_id):
|
|||
|
||||
@app.post("/@<username>/revert_actions")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['ADMIN_ACTIONS_REVERT'])
|
||||
|
|
@ -367,6 +372,7 @@ def admin_home(v):
|
|||
|
||||
@app.post("/admin/site_settings/<setting>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['SITE_SETTINGS'])
|
||||
|
|
@ -396,6 +402,7 @@ def change_settings(v:User, setting):
|
|||
|
||||
@app.post("/admin/clear_cloudflare_cache")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['SITE_CACHE_PURGE_CDN'])
|
||||
|
|
@ -434,6 +441,7 @@ def badge_grant_get(v):
|
|||
@app.post("/admin/badge_grant")
|
||||
@feature_required('BADGES')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['USER_BADGES'])
|
||||
|
|
@ -505,6 +513,7 @@ def badge_grant_post(v):
|
|||
@app.post("/admin/badge_remove")
|
||||
@feature_required('BADGES')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['USER_BADGES'])
|
||||
|
|
@ -657,6 +666,7 @@ def admin_view_alts(v:User, username=None):
|
|||
|
||||
@app.post('/@<username>/alts/')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['USER_LINK'])
|
||||
|
|
@ -693,6 +703,7 @@ def admin_add_alt(v:User, username):
|
|||
|
||||
@app.post('/@<username>/alts/<int:other>/deleted')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['USER_LINK'])
|
||||
|
|
@ -760,6 +771,7 @@ def admin_removed_comments(v):
|
|||
|
||||
@app.post("/unchud_user/<id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['USER_AGENDAPOSTER'])
|
||||
|
|
@ -802,6 +814,7 @@ def unagendaposter(id, v):
|
|||
|
||||
@app.post("/shadowban/<int:user_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['USER_SHADOWBAN'])
|
||||
|
|
@ -838,6 +851,7 @@ def shadowban(user_id, v):
|
|||
|
||||
@app.post("/unshadowban/<int:user_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['USER_SHADOWBAN'])
|
||||
|
|
@ -866,6 +880,7 @@ def unshadowban(user_id, v):
|
|||
|
||||
@app.post("/admin/title_change/<int:user_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['USER_TITLE_CHANGE'])
|
||||
|
|
@ -911,6 +926,7 @@ def admin_title_change(user_id, v):
|
|||
|
||||
@app.post("/ban_user/<id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['USER_BAN'])
|
||||
|
|
@ -1005,6 +1021,7 @@ def ban_user(id, v):
|
|||
|
||||
@app.post("/chud_user/<id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['USER_AGENDAPOSTER'])
|
||||
|
|
@ -1104,6 +1121,7 @@ def agendaposter(id, v):
|
|||
|
||||
@app.post("/unban_user/<id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['USER_BAN'])
|
||||
|
|
@ -1150,6 +1168,7 @@ def unban_user(id, v):
|
|||
|
||||
@app.post("/mute_user/<int:user_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['USER_BAN'])
|
||||
|
|
@ -1172,6 +1191,7 @@ def mute_user(v:User, user_id):
|
|||
|
||||
@app.post("/unmute_user/<int:user_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['USER_BAN'])
|
||||
|
|
@ -1192,6 +1212,7 @@ def unmute_user(v:User, user_id):
|
|||
|
||||
@app.post("/admin/progstack/post/<int:post_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['PROGSTACK'])
|
||||
|
|
@ -1213,6 +1234,7 @@ def progstack_post(post_id, v):
|
|||
|
||||
@app.post("/admin/unprogstack/post/<int:post_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['PROGSTACK'])
|
||||
|
|
@ -1232,6 +1254,7 @@ def unprogstack_post(post_id, v):
|
|||
|
||||
@app.post("/admin/progstack/comment/<int:comment_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['PROGSTACK'])
|
||||
|
|
@ -1253,6 +1276,7 @@ def progstack_comment(comment_id, v):
|
|||
|
||||
@app.post("/admin/unprogstack/comment/<int:comment_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['PROGSTACK'])
|
||||
|
|
@ -1272,6 +1296,7 @@ def unprogstack_comment(comment_id, v):
|
|||
|
||||
@app.post("/remove_post/<int:post_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
|
||||
|
|
@ -1302,6 +1327,7 @@ def remove_post(post_id, v):
|
|||
|
||||
@app.post("/approve_post/<int:post_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
|
||||
|
|
@ -1335,6 +1361,7 @@ def approve_post(post_id, v):
|
|||
|
||||
@app.post("/distinguish/<int:post_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['POST_COMMENT_DISTINGUISH'])
|
||||
|
|
@ -1365,6 +1392,7 @@ def distinguish_post(post_id, v):
|
|||
@app.post("/sticky/<int:post_id>")
|
||||
@feature_required('PINS')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
|
||||
|
|
@ -1411,6 +1439,7 @@ def sticky_post(post_id, v):
|
|||
|
||||
@app.post("/unsticky/<int:post_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
|
||||
|
|
@ -1442,6 +1471,7 @@ def unsticky_post(post_id, v):
|
|||
|
||||
@app.post("/sticky_comment/<int:cid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
|
||||
|
|
@ -1480,6 +1510,7 @@ def sticky_comment(cid, v):
|
|||
|
||||
@app.post("/unsticky_comment/<int:cid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
|
||||
|
|
@ -1514,6 +1545,7 @@ def unsticky_comment(cid, v):
|
|||
|
||||
@app.post("/remove_comment/<int:c_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
|
||||
|
|
@ -1536,6 +1568,7 @@ def remove_comment(c_id, v):
|
|||
|
||||
@app.post("/approve_comment/<int:c_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
|
||||
|
|
@ -1564,6 +1597,7 @@ def approve_comment(c_id, v):
|
|||
|
||||
@app.post("/distinguish_comment/<int:c_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['POST_COMMENT_DISTINGUISH'])
|
||||
|
|
@ -1602,6 +1636,7 @@ def admin_banned_domains(v):
|
|||
|
||||
@app.post("/admin/ban_domain")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['DOMAINS_BAN'])
|
||||
|
|
@ -1635,6 +1670,7 @@ def ban_domain(v):
|
|||
|
||||
@app.post("/admin/unban_domain/<path:domain>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['DOMAINS_BAN'])
|
||||
|
|
@ -1656,6 +1692,7 @@ def unban_domain(v:User, domain):
|
|||
|
||||
@app.post("/admin/nuke_user")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
|
||||
|
|
@ -1691,6 +1728,7 @@ def admin_nuke_user(v):
|
|||
|
||||
@app.post("/admin/unnuke_user")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
|
||||
|
|
@ -1727,6 +1765,7 @@ def admin_nunuke_user(v):
|
|||
|
||||
@app.post("/blacklist/<int:user_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['USER_BLACKLIST'])
|
||||
|
|
@ -1749,6 +1788,7 @@ def blacklist_user(user_id, v):
|
|||
|
||||
@app.post("/unblacklist/<int:user_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['USER_BLACKLIST'])
|
||||
|
|
@ -1779,6 +1819,7 @@ def delete_media_get(v):
|
|||
|
||||
@app.post("/admin/delete_media")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("50/day")
|
||||
@limiter.limit("50/day", key_func=get_ID)
|
||||
@admin_level_required(PERMS['DELETE_MEDIA'])
|
||||
|
|
|
|||
|
|
@ -61,6 +61,8 @@ def after_request(response:Response):
|
|||
|
||||
if request.method == "POST" and not request.path.startswith('/casino/twentyone/'):
|
||||
r.delete(f'LIMITER/{get_CF()}/{request.endpoint}:{request.path}/1/1/second')
|
||||
if g.v:
|
||||
r.delete(f'LIMITER/{SITE}-{g.v.id}/{request.endpoint}:{request.path}/1/1/second')
|
||||
|
||||
return response
|
||||
|
||||
|
|
|
|||
|
|
@ -39,6 +39,7 @@ def submit_emojis(v:User):
|
|||
|
||||
@app.post("/submit/emojis")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -114,6 +115,7 @@ def verify_permissions_and_get_asset(cls, asset_type:str, v:User, name:str, make
|
|||
|
||||
@app.post("/admin/approve/emoji/<name>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['MODERATE_PENDING_SUBMITTED_ASSETS'])
|
||||
|
|
@ -253,6 +255,7 @@ def remove_asset(cls, type_name:str, v:User, name:str) -> dict[str, str]:
|
|||
|
||||
@app.post("/remove/emoji/<name>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -273,6 +276,7 @@ def submit_hats(v:User):
|
|||
|
||||
@app.post("/submit/hats")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -331,6 +335,7 @@ def submit_hat(v:User):
|
|||
|
||||
@app.post("/admin/approve/hat/<name>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("120/minute;200/hour;1000/day")
|
||||
@limiter.limit("120/minute;200/hour;1000/day", key_func=get_ID)
|
||||
@admin_level_required(PERMS['MODERATE_PENDING_SUBMITTED_ASSETS'])
|
||||
|
|
@ -403,6 +408,7 @@ def approve_hat(v, name):
|
|||
|
||||
@app.post("/remove/hat/<name>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -419,6 +425,7 @@ def update_emojis(v):
|
|||
|
||||
@app.post("/admin/update/emojis")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['UPDATE_ASSETS'])
|
||||
|
|
@ -501,6 +508,7 @@ def update_hats(v):
|
|||
|
||||
@app.post("/admin/update/hats")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['UPDATE_ASSETS'])
|
||||
|
|
|
|||
|
|
@ -54,6 +54,7 @@ def shop(v:User):
|
|||
|
||||
@app.post("/buy/<award>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("100/minute;200/hour;1000/day")
|
||||
@limiter.limit("100/minute;200/hour;1000/day", key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -136,6 +137,7 @@ def buy(v:User, award):
|
|||
|
||||
@app.post("/award/<thing_type>/<int:id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
|
|||
|
|
@ -81,6 +81,7 @@ def lottershe(v:User):
|
|||
# Slots
|
||||
@app.post("/casino/slots")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(CASINO_RATELIMIT)
|
||||
@limiter.limit(CASINO_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -114,6 +115,7 @@ def pull_slots(v:User):
|
|||
# 21
|
||||
@app.post("/casino/twentyone/deal")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(CASINO_RATELIMIT)
|
||||
@limiter.limit(CASINO_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -135,6 +137,7 @@ def blackjack_deal_to_player(v:User):
|
|||
|
||||
@app.post("/casino/twentyone/hit")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(CASINO_RATELIMIT)
|
||||
@limiter.limit(CASINO_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -152,6 +155,7 @@ def blackjack_player_hit(v:User):
|
|||
|
||||
@app.post("/casino/twentyone/stay")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(CASINO_RATELIMIT)
|
||||
@limiter.limit(CASINO_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -169,6 +173,7 @@ def blackjack_player_stay(v:User):
|
|||
|
||||
@app.post("/casino/twentyone/double-down")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(CASINO_RATELIMIT)
|
||||
@limiter.limit(CASINO_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -186,6 +191,7 @@ def blackjack_player_doubled_down(v:User):
|
|||
|
||||
@app.post("/casino/twentyone/buy-insurance")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(CASINO_RATELIMIT)
|
||||
@limiter.limit(CASINO_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -216,6 +222,7 @@ def roulette_get_bets(v:User):
|
|||
|
||||
@app.post("/casino/roulette/place-bet")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(CASINO_RATELIMIT)
|
||||
@limiter.limit(CASINO_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
|
|||
|
|
@ -84,6 +84,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None):
|
|||
|
||||
@app.post("/comment")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("20/minute;200/hour;1000/day")
|
||||
@limiter.limit("20/minute;200/hour;1000/day", key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -388,6 +389,7 @@ def comment(v:User):
|
|||
|
||||
@app.post("/delete/comment/<int:cid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -410,6 +412,7 @@ def delete_comment(cid, v):
|
|||
|
||||
@app.post("/undelete/comment/<int:cid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -431,6 +434,7 @@ def undelete_comment(cid, v):
|
|||
@app.post("/pin_comment/<int:cid>")
|
||||
@feature_required('PINS')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -456,6 +460,7 @@ def pin_comment(cid, v):
|
|||
|
||||
@app.post("/unpin_comment/<int:cid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -480,6 +485,7 @@ def unpin_comment(cid, v):
|
|||
|
||||
@app.post("/save_comment/<int:cid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -498,6 +504,7 @@ def save_comment(cid, v):
|
|||
|
||||
@app.post("/unsave_comment/<int:cid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -535,6 +542,7 @@ def diff_words(answer, guess):
|
|||
|
||||
@app.post("/wordle/<int:cid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -569,6 +577,7 @@ def handle_wordle_action(cid, v):
|
|||
@app.post("/toggle_comment_nsfw/<int:cid>")
|
||||
@feature_required('NSFW_MARKING')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -606,6 +615,7 @@ def toggle_comment_nsfw(cid, v):
|
|||
|
||||
@app.post("/edit_comment/<int:cid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("10/minute;100/hour;200/day")
|
||||
@limiter.limit("10/minute;100/hour;200/day", key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
|
|||
|
|
@ -63,6 +63,7 @@ def error_500(e):
|
|||
|
||||
@app.post("/allow_nsfw")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
def allow_nsfw():
|
||||
session["over_18"] = int(time.time()) + 3600
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ def ping_groups(v:User):
|
|||
|
||||
@app.post("/create_group")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -60,6 +61,7 @@ def create_group(v):
|
|||
|
||||
@app.post("/!<group_name>/apply")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -78,6 +80,7 @@ def join_group(v:User, group_name):
|
|||
|
||||
@app.post("/!<group_name>/leave")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -130,6 +133,7 @@ def memberships(v:User, group_name):
|
|||
|
||||
@app.post("/!<group_name>/<user_id>/approve")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -155,6 +159,7 @@ def group_approve(v:User, group_name, user_id):
|
|||
|
||||
@app.post("/!<group_name>/<user_id>/reject")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ def hats(v:User):
|
|||
|
||||
@app.post("/buy_hat/<int:hat_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit('100/minute;1000/3 days')
|
||||
@limiter.limit('100/minute;1000/3 days', key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -83,6 +84,7 @@ def buy_hat(v:User, hat_id):
|
|||
|
||||
@app.post("/equip_hat/<int:hat_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -100,6 +102,7 @@ def equip_hat(v:User, hat_id):
|
|||
|
||||
@app.post("/unequip_hat/<int:hat_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
|
|||
|
|
@ -40,6 +40,7 @@ def login_deduct_when(resp):
|
|||
|
||||
@app.post("/login")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@auth_desired
|
||||
@limiter.limit("6/minute;10/day", deduct_when=login_deduct_when)
|
||||
|
|
@ -140,6 +141,7 @@ def me(v:User):
|
|||
|
||||
@app.post("/logout")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -200,6 +202,7 @@ def sign_up_get(v:Optional[User]):
|
|||
|
||||
@app.post("/signup")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("10/day")
|
||||
@auth_desired
|
||||
def sign_up_post(v:Optional[User]):
|
||||
|
|
@ -374,6 +377,7 @@ def get_forgot():
|
|||
|
||||
@app.post("/forgot")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
def post_forgot():
|
||||
|
||||
|
|
@ -440,6 +444,7 @@ def get_reset():
|
|||
|
||||
@app.post("/reset")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@auth_desired
|
||||
def post_reset(v:Optional[User]):
|
||||
|
|
@ -487,6 +492,7 @@ def lost_2fa(v:Optional[User]):
|
|||
|
||||
@app.post("/lost_2fa")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("6/minute;200/hour;1000/day")
|
||||
def lost_2fa_post():
|
||||
username=request.values.get("username")
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ from files.__main__ import app, limiter
|
|||
|
||||
@app.post("/lottery/end")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['LOTTERY_ADMIN'])
|
||||
|
|
@ -18,6 +19,7 @@ def lottery_end(v):
|
|||
|
||||
@app.post("/lottery/start")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['LOTTERY_ADMIN'])
|
||||
|
|
@ -28,6 +30,7 @@ def lottery_start(v):
|
|||
|
||||
@app.post("/lottery/buy")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("100/minute;500/hour;1000/day")
|
||||
@limiter.limit("100/minute;500/hour;1000/day", key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ from files.__main__ import app, limiter
|
|||
|
||||
@app.post("/verify_email")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ from files.__main__ import app
|
|||
|
||||
@app.post("/clear")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ def authorize_prompt(v:User):
|
|||
|
||||
@app.post("/authorize")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -40,6 +41,7 @@ def authorize(v):
|
|||
|
||||
@app.post("/rescind/<int:aid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -53,6 +55,7 @@ def rescind(v, aid):
|
|||
|
||||
@app.post("/api_keys")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -95,6 +98,7 @@ def request_api_keys(v):
|
|||
|
||||
@app.post("/delete_app/<int:aid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -119,6 +123,7 @@ def delete_oauth_app(v, aid):
|
|||
|
||||
@app.post("/edit_app/<int:aid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -144,6 +149,7 @@ def edit_oauth_app(v, aid):
|
|||
|
||||
@app.post("/admin/app/approve/<int:aid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['APPS_MODERATION'])
|
||||
|
|
@ -182,6 +188,7 @@ def admin_app_approve(v, aid):
|
|||
|
||||
@app.post("/admin/app/revoke/<int:aid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['APPS_MODERATION'])
|
||||
|
|
@ -209,6 +216,7 @@ def admin_app_revoke(v, aid):
|
|||
|
||||
@app.post("/admin/app/reject/<int:aid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@admin_level_required(PERMS['APPS_MODERATION'])
|
||||
|
|
@ -303,6 +311,7 @@ def admin_apps_list(v):
|
|||
|
||||
@app.post("/reroll/<int:aid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ from files.__main__ import app
|
|||
|
||||
@app.post("/vote/post/option/<int:option_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -57,6 +58,7 @@ def vote_option(option_id, v):
|
|||
|
||||
@app.post("/vote/comment/option/<int:option_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
|
|||
|
|
@ -34,6 +34,7 @@ titleheaders = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWe
|
|||
|
||||
@app.post("/publish/<int:pid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -383,6 +384,7 @@ def thumbnail_thread(pid:int, vid:int):
|
|||
|
||||
@app.post("/is_repost")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
def is_repost():
|
||||
not_a_repost = {'permalink': ''}
|
||||
|
|
@ -429,6 +431,7 @@ def is_repost():
|
|||
@app.post("/submit")
|
||||
@app.post("/h/<sub>/submit")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(POST_RATELIMIT)
|
||||
@limiter.limit(POST_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -710,6 +713,7 @@ def submit_post(v:User, sub=None):
|
|||
|
||||
@app.post("/delete_post/<int:pid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -737,6 +741,7 @@ def delete_post_pid(pid, v):
|
|||
|
||||
@app.post("/undelete_post/<int:pid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -760,6 +765,7 @@ def undelete_post_pid(pid, v):
|
|||
@app.post("/mark_post_nsfw/<int:pid>")
|
||||
@feature_required('NSFW_MARKING')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -798,6 +804,7 @@ def mark_post_nsfw(pid, v):
|
|||
@app.post("/unmark_post_nsfw/<int:pid>")
|
||||
@feature_required('NSFW_MARKING')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -835,6 +842,7 @@ def unmark_post_nsfw(pid, v):
|
|||
|
||||
@app.post("/save_post/<int:pid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -852,6 +860,7 @@ def save_post(pid, v):
|
|||
|
||||
@app.post("/unsave_post/<int:pid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -868,6 +877,7 @@ def unsave_post(pid, v):
|
|||
|
||||
@app.post("/pin/<int:post_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -962,6 +972,7 @@ def get_post_title(v):
|
|||
|
||||
@app.post("/edit_post/<int:pid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("10/minute;100/hour;200/day")
|
||||
@limiter.limit("10/minute;100/hour;200/day", key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ from files.classes.push_subscriptions import PushSubscription
|
|||
|
||||
@app.post("/push_subscribe")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ from files.__main__ import app, limiter, cache
|
|||
|
||||
@app.post("/report/post/<int:pid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -75,6 +76,7 @@ def flag_post(pid, v):
|
|||
|
||||
@app.post("/report/comment/<int:cid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -106,6 +108,7 @@ def flag_comment(cid, v):
|
|||
|
||||
@app.post('/del_report/post/<int:pid>/<int:uid>')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("100/minute;300/hour;2000/day")
|
||||
@limiter.limit("100/minute;300/hour;2000/day", key_func=get_ID)
|
||||
@admin_level_required(PERMS['FLAGS_REMOVE'])
|
||||
|
|
@ -131,6 +134,7 @@ def remove_report_post(v, pid, uid):
|
|||
|
||||
@app.post('/del_report/comment/<int:cid>/<int:uid>')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("100/minute;300/hour;2000/day")
|
||||
@limiter.limit("100/minute;300/hour;2000/day", key_func=get_ID)
|
||||
@admin_level_required(PERMS['FLAGS_REMOVE'])
|
||||
|
|
|
|||
|
|
@ -52,6 +52,7 @@ def remove_background(v):
|
|||
|
||||
@app.post('/settings/custom_background')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -77,6 +78,7 @@ def upload_custom_background(v):
|
|||
|
||||
@app.post('/settings/profile_background')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -109,6 +111,7 @@ def delete_profile_background(v):
|
|||
|
||||
@app.post("/settings/personal")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -374,6 +377,7 @@ def settings_personal_post(v):
|
|||
|
||||
@app.post("/settings/filters")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -403,6 +407,7 @@ def set_color(v:User, attr:str, color:Optional[str]):
|
|||
|
||||
@app.post("/settings/namecolor")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -411,6 +416,7 @@ def namecolor(v):
|
|||
|
||||
@app.post("/settings/themecolor")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -419,6 +425,7 @@ def themecolor(v):
|
|||
|
||||
@app.post("/settings/titlecolor")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -427,6 +434,7 @@ def titlecolor(v):
|
|||
|
||||
@app.post("/settings/verifiedcolor")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -436,6 +444,7 @@ def verifiedcolor(v):
|
|||
|
||||
@app.post("/settings/security")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -511,6 +520,7 @@ def settings_security_post(v):
|
|||
|
||||
@app.post("/settings/log_out_all_others")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -528,6 +538,7 @@ def settings_log_out_others(v):
|
|||
|
||||
@app.post("/settings/images/profile")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -568,6 +579,7 @@ def settings_images_profile(v):
|
|||
@app.post("/settings/images/banner")
|
||||
@feature_required('USERS_PROFILE_BANNER')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -597,6 +609,7 @@ def settings_css_get(v:User):
|
|||
|
||||
@app.post("/settings/css")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -610,6 +623,7 @@ def settings_css(v):
|
|||
|
||||
@app.post("/settings/profilecss")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -637,6 +651,7 @@ def settings_security(v:User):
|
|||
|
||||
@app.post("/settings/block")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("20/day")
|
||||
@limiter.limit("20/day", key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -665,6 +680,7 @@ def settings_block_user(v):
|
|||
|
||||
@app.post("/settings/unblock")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -694,6 +710,7 @@ def settings_advanced_get(v:User):
|
|||
|
||||
@app.post("/settings/name_change")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -734,6 +751,7 @@ def settings_name_change(v):
|
|||
@app.post("/settings/song_change_mp3")
|
||||
@feature_required('USERS_PROFILE_SONG')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("10/day")
|
||||
@limiter.limit("10/day", key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -799,6 +817,7 @@ def _change_song_youtube(vid, id):
|
|||
@app.post("/settings/song_change")
|
||||
@feature_required('USERS_PROFILE_SONG')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("10/day")
|
||||
@limiter.limit("10/day", key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -851,6 +870,7 @@ def settings_song_change(v):
|
|||
|
||||
@app.post("/settings/title_change")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -881,6 +901,7 @@ def settings_title_change(v):
|
|||
@app.post("/settings/pronouns_change")
|
||||
@feature_required('PRONOUNS')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -908,6 +929,7 @@ def settings_pronouns_change(v):
|
|||
|
||||
@app.post("/settings/checkmark_text")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -923,6 +945,7 @@ def settings_checkmark_text(v):
|
|||
if IS_FISTMAS():
|
||||
@app.post("/events/fistmas2022/darkmode")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
|
|||
|
|
@ -253,6 +253,7 @@ def contact(v:Optional[User]):
|
|||
|
||||
@app.post("/contact")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("1/minute;10/day")
|
||||
@limiter.limit("1/minute;10/day", key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -352,6 +353,7 @@ def mobile_app(v:Optional[User]):
|
|||
|
||||
@app.post("/dismiss_mobile_tip")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
def dismiss_mobile_tip():
|
||||
session["tooltip_last_dismissed"] = int(time.time())
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ from files.__main__ import app, cache, limiter
|
|||
|
||||
@app.post("/exile/post/<int:pid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -43,6 +44,7 @@ def exile_post(v:User, pid):
|
|||
|
||||
@app.post("/exile/comment/<int:cid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -77,6 +79,7 @@ def exile_comment(v:User, cid):
|
|||
|
||||
@app.post("/h/<sub>/unexile/<int:uid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -108,6 +111,7 @@ def unexile(v:User, sub, uid):
|
|||
|
||||
@app.post("/h/<sub>/block")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -122,6 +126,7 @@ def block_sub(v:User, sub):
|
|||
|
||||
@app.post("/h/<sub>/unblock")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -140,6 +145,7 @@ def unblock_sub(v:User, sub):
|
|||
|
||||
@app.post("/h/<sub>/subscribe")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -154,6 +160,7 @@ def subscribe_sub(v:User, sub):
|
|||
|
||||
@app.post("/h/<sub>/unsubscribe")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -167,6 +174,7 @@ def unsubscribe_sub(v:User, sub):
|
|||
|
||||
@app.post("/h/<sub>/follow")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -184,6 +192,7 @@ def follow_sub(v:User, sub):
|
|||
|
||||
@app.post("/h/<sub>/unfollow")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -258,6 +267,7 @@ def sub_followers(v:User, sub):
|
|||
|
||||
@app.post("/h/<sub>/add_mod")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("30/day")
|
||||
@limiter.limit("30/day", key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -297,6 +307,7 @@ def add_mod(v:User, sub):
|
|||
|
||||
@app.post("/h/<sub>/remove_mod")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -349,6 +360,7 @@ def create_sub(v):
|
|||
|
||||
@app.post("/create_hole")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -388,6 +400,7 @@ def create_sub2(v):
|
|||
|
||||
@app.post("/kick/<int:pid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -432,6 +445,7 @@ def sub_settings(v:User, sub):
|
|||
|
||||
@app.post('/h/<sub>/sidebar')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -458,6 +472,7 @@ def post_sub_sidebar(v:User, sub):
|
|||
|
||||
@app.post('/h/<sub>/css')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -500,6 +515,7 @@ def get_sub_css(sub):
|
|||
|
||||
@app.post("/h/<sub>/settings/banners/")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("50/day")
|
||||
@limiter.limit("50/day", key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -588,6 +604,7 @@ def delete_all_sub_banners(v:User, sub:str):
|
|||
|
||||
@app.post("/h/<sub>/sidebar_image")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("10/day")
|
||||
@limiter.limit("10/day", key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -620,6 +637,7 @@ def sub_sidebar(v:User, sub):
|
|||
|
||||
@app.post("/h/<sub>/marsey_image")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("10/day")
|
||||
@limiter.limit("10/day", key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -662,6 +680,7 @@ def subs(v:User):
|
|||
|
||||
@app.post("/hole_pin/<int:pid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -697,6 +716,7 @@ def hole_pin(v:User, pid):
|
|||
|
||||
@app.post("/hole_unpin/<int:pid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -729,6 +749,7 @@ def hole_unpin(v:User, pid):
|
|||
|
||||
@app.post('/h/<sub>/stealth')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -764,6 +785,7 @@ def sub_stealth(v:User, sub):
|
|||
@app.post("/mod_pin/<int:cid>")
|
||||
@feature_required('PINS')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -794,6 +816,7 @@ def mod_pin(cid, v):
|
|||
|
||||
@app.post("/unmod_pin/<int:cid>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
|
|||
|
|
@ -311,6 +311,7 @@ def downvoting(v:User, username:str):
|
|||
@app.post("/@<username>/suicide")
|
||||
@feature_required('USERS_SUICIDE')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("5/day")
|
||||
@limiter.limit("5/day", key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -372,6 +373,7 @@ def transfer_currency(v:User, username:str, currency_name:Literal['coins', 'mars
|
|||
|
||||
@app.post("/@<username>/transfer_coins")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -381,6 +383,7 @@ def transfer_coins(v:User, username:str):
|
|||
@app.post("/@<username>/transfer_bux")
|
||||
@feature_required('MARSEYBUX')
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -471,6 +474,7 @@ def usersong(username:str):
|
|||
|
||||
@app.post("/subscribe/<int:post_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -483,6 +487,7 @@ def subscribe(v, post_id):
|
|||
|
||||
@app.post("/unsubscribe/<int:post_id>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -494,6 +499,7 @@ def unsubscribe(v, post_id):
|
|||
|
||||
@app.post("/@<username>/message")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("10/minute;20/hour;50/day")
|
||||
@limiter.limit("10/minute;20/hour;50/day", key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -557,6 +563,7 @@ def message2(v:User, username:str):
|
|||
|
||||
@app.post("/reply")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("6/minute;50/hour;200/day")
|
||||
@limiter.limit("6/minute;50/hour;200/day", key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -1069,6 +1076,7 @@ def u_user_id_info(id, v=None):
|
|||
|
||||
@app.post("/follow/<username>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -1096,6 +1104,7 @@ def follow_user(username, v):
|
|||
|
||||
@app.post("/unfollow/<username>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -1127,6 +1136,7 @@ def unfollow_user(username, v):
|
|||
|
||||
@app.post("/remove_follow/<username>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -1222,6 +1232,7 @@ def subscribed_posts(v:User, username):
|
|||
|
||||
@app.post("/fp/<fp>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
@ -1392,6 +1403,7 @@ if KOFI_TOKEN:
|
|||
|
||||
@app.post("/gumroad")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
def gumroad():
|
||||
data = request.values
|
||||
|
|
@ -1431,6 +1443,7 @@ def gumroad():
|
|||
|
||||
@app.post("/settings/claim_rewards")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit(DEFAULT_RATELIMIT)
|
||||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
|
|
|
|||
|
|
@ -187,6 +187,7 @@ def vote_post_comment(target_id, new, v, cls, vote_cls):
|
|||
|
||||
@app.post("/vote/post/<int:post_id>/<new>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("60/minute;1000/hour;2000/day")
|
||||
@limiter.limit("60/minute;1000/hour;2000/day", key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
@ -195,6 +196,7 @@ def vote_post(post_id, new, v):
|
|||
|
||||
@app.post("/vote/comment/<int:comment_id>/<new>")
|
||||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||
@limiter.limit("60/minute;1000/hour;2000/day")
|
||||
@limiter.limit("60/minute;1000/hour;2000/day", key_func=get_ID)
|
||||
@is_not_permabanned
|
||||
|
|
|
|||
Loading…
Reference in New Issue