default ratelimit and default ratelimit slower

2022-11-13 00:43:35 -06:00 · 2022-11-13 00:43:35 -06:00 · aa272729f1
parent a84a20a12b
commit aa272729f1
13 changed files with 83 additions and 79 deletions
--- a/files/helpers/const.py
+++ b/files/helpers/const.py
@ -53,6 +53,10 @@ CONTENT_SECURITY_POLICY_HOME = f"script-src 'self' 'unsafe-inline' 'unsafe-eval'

 CLOUDFLARE_COOKIE_VALUE = "yes."

+DEFAULT_RATELIMIT = "3/second;30/minute;200/hour;1000/day"
+DEFAULT_RATELIMIT_SLOWER = "1/second;30/minute;200/hour;1000/day"
+DEFAULT_RATELIMIT_USER = DEFAULT_RATELIMIT_SLOWER
+
 if SITE == "localhost": SITE_FULL = 'http://' + SITE
 else: SITE_FULL = 'https://' + SITE

--- a/files/helpers/wrappers.py
+++ b/files/helpers/wrappers.py
@ -146,5 +146,5 @@ def feature_required(x):
 		return wrapper
 	return wrapper_maker

-def ratelimit_user(limit="1/second;30/minute;200/hour;1000/day"):
+def ratelimit_user(limit=DEFAULT_RATELIMIT_USER):
 	return limiter.limit(limit, key_func=lambda:f'{SITE}-{session.get("lo_user")}')
--- a/files/mail/init.py
+++ b/files/mail/init.py
@ -50,7 +50,7 @@ def send_verification_email(user, email=None):


@app.post("/verify_email")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def verify_email(v):
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@ -193,7 +193,7 @@ def remove_admin(v, username):
 	return {"message": f"@{user.username} has been removed as admin!"}

@app.post("/distribute/<option_id>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['POST_BETS_DISTRIBUTE'])
 def distribute(v, option_id):
 	autojanny = get_account(AUTOJANNY_ID)
@ -249,7 +249,7 @@ def distribute(v, option_id):
 	return {"message": f"Each winner has received {coinsperperson} coins!"}

@app.post("/@<username>/revert_actions")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['ADMIN_ACTIONS_REVERT'])
 def revert_actions(v, username):
 	user = get_user(username)
@ -299,7 +299,7 @@ def revert_actions(v, username):
 	return {"message": f"@{user.username}'s admin actions have been reverted!"}

@app.post("/@<username>/club_allow")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['USER_CLUB_ALLOW_BAN'])
 def club_allow(v, username):
 	u = get_user(username, v=v)
@ -325,7 +325,7 @@ def club_allow(v, username):
 	return {"message": f"@{u.username} has been allowed into the {CC_TITLE}!"}

@app.post("/@<username>/club_ban")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['USER_CLUB_ALLOW_BAN'])
 def club_ban(v, username):
 	u = get_user(username, v=v)
@ -528,7 +528,7 @@ def badge_grant_get(v):
 	return render_template("admin/badge_admin.html", v=v, badge_types=badges, grant=grant)

@app.post("/admin/badge_grant")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['USER_BADGES'])
@feature_required('BADGES')
 def badge_grant_post(v):
@ -577,7 +577,7 @@ def badge_grant_post(v):
 	return render_template("admin/badge_admin.html", v=v, badge_types=badges, grant=True, msg=f"{new_badge.name} Badge granted to @{user.username} successfully!")

@app.post("/admin/badge_remove")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['USER_BADGES'])
@feature_required('BADGES')
 def badge_remove_post(v):
@ -740,7 +740,7 @@ def alt_votes_get(v):


@app.post("/admin/link_accounts")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['USER_LINK'])
 def admin_link_accounts(v):
 	u1 = get_account(request.values.get("u1")).id
@ -837,7 +837,7 @@ def unagendaposter(user_id, v):


@app.post("/shadowban/<user_id>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['USER_SHADOWBAN'])
 def shadowban(user_id, v):
 	user = get_account(user_id)
@ -868,7 +868,7 @@ def shadowban(user_id, v):
 	return {"message": f"@{user.username} has been shadowbanned!"}

@app.post("/unshadowban/<user_id>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['USER_SHADOWBAN'])
 def unshadowban(user_id, v):
 	user = get_account(user_id)
@ -893,7 +893,7 @@ def unshadowban(user_id, v):


@app.post("/admin/title_change/<user_id>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['USER_TITLE_CHANGE'])
 def admin_title_change(user_id, v):

@ -929,7 +929,7 @@ def admin_title_change(user_id, v):
 	return {"message": f"@{user.username}'s flair has been changed!"}

@app.post("/ban_user/<user_id>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['USER_BAN'])
 def ban_user(user_id, v):
 	user = get_account(user_id)
@ -1064,7 +1064,7 @@ def agendaposter(user_id, v):


@app.post("/unban_user/<user_id>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['USER_BAN'])
 def unban_user(user_id, v):
 	user = get_account(user_id)
@ -1097,7 +1097,7 @@ def unban_user(user_id, v):
 	return {"message": f"@{user.username} has been unbanned!"}

@app.post("/mute_user/<int:user_id>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['USER_BAN'])
 def mute_user(v, user_id):
 	user = get_account(user_id)
@ -1116,7 +1116,7 @@ def mute_user(v, user_id):


@app.post("/unmute_user/<int:user_id>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['USER_BAN'])
 def unmute_user(v, user_id):
 	user = get_account(user_id)
@ -1135,7 +1135,7 @@ def unmute_user(v, user_id):


@app.post("/remove_post/<post_id>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
 def remove_post(post_id, v):
 	post = get_post(post_id)
@ -1163,7 +1163,7 @@ def remove_post(post_id, v):


@app.post("/approve_post/<post_id>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
 def approve_post(post_id, v):

@ -1336,7 +1336,7 @@ def unsticky_comment(cid, v):


@app.post("/remove_comment/<c_id>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
 def remove_comment(c_id, v):
 	comment = get_comment(c_id)
@ -1356,7 +1356,7 @@ def remove_comment(c_id, v):


@app.post("/approve_comment/<c_id>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
 def approve_comment(c_id, v):

@ -1418,7 +1418,7 @@ def admin_banned_domains(v):
 	return render_template("admin/banned_domains.html", v=v, banned_domains=banned_domains)

@app.post("/admin/ban_domain")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['DOMAINS_BAN'])
 def ban_domain(v):

@ -1443,7 +1443,7 @@ def ban_domain(v):


@app.post("/admin/unban_domain/<domain>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['DOMAINS_BAN'])
 def unban_domain(v, domain):
 	existing = g.db.get(BannedDomain, domain)
@ -1462,7 +1462,7 @@ def unban_domain(v, domain):


@app.post("/admin/nuke_user")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
 def admin_nuke_user(v):

@ -1495,7 +1495,7 @@ def admin_nuke_user(v):


@app.post("/admin/unnuke_user")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
 def admin_nunuke_user(v):

--- a/files/routes/awards.py
+++ b/files/routes/awards.py
@ -120,7 +120,7 @@ def buy(v, award):
 	return {"message": f"{award_title} award bought!"}

@app.post("/award/<thing_type>/<id>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@is_not_permabanned
@feature_required('AWARDS')
--- a/files/routes/comments.py
+++ b/files/routes/comments.py
@ -457,7 +457,7 @@ def edit_comment(cid, v):


@app.post("/delete/comment/<cid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def delete_comment(cid, v):
@ -485,7 +485,7 @@ def delete_comment(cid, v):
 	return {"message": "Comment deleted!"}

@app.post("/undelete/comment/<cid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def undelete_comment(cid, v):
@ -557,7 +557,7 @@ def unpin_comment(cid, v):


@app.post("/save_comment/<cid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def save_comment(cid, v):
@ -574,7 +574,7 @@ def save_comment(cid, v):
 	return {"message": "Comment saved!"}

@app.post("/unsave_comment/<cid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def unsave_comment(cid, v):
@ -610,7 +610,7 @@ def diff_words(answer, guess):


@app.post("/wordle/<cid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def handle_wordle_action(cid, v):
--- a/files/routes/login.py
+++ b/files/routes/login.py
@ -180,7 +180,7 @@ def me(v):


@app.post("/logout")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def logout(v):
@ -397,7 +397,7 @@ def get_forgot():


@app.post("/forgot")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
 def post_forgot():

 	username = request.values.get("username")
@ -469,7 +469,7 @@ def get_reset():


@app.post("/reset")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@auth_desired
 def post_reset(v):
 	if v: return redirect('/')
--- a/files/routes/oauth.py
+++ b/files/routes/oauth.py
@ -17,7 +17,7 @@ def authorize_prompt(v):


@app.post("/authorize")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def authorize(v):
@ -39,7 +39,7 @@ def authorize(v):


@app.post("/rescind/<aid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def rescind(v, aid):
@ -51,7 +51,7 @@ def rescind(v, aid):


@app.post("/api_keys")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@is_not_permabanned
 def request_api_keys(v):
@ -93,7 +93,7 @@ def request_api_keys(v):


@app.post("/delete_app/<aid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def delete_oauth_app(v, aid):
@ -116,7 +116,7 @@ def delete_oauth_app(v, aid):


@app.post("/edit_app/<aid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@is_not_permabanned
 def edit_oauth_app(v, aid):
@ -140,7 +140,7 @@ def edit_oauth_app(v, aid):


@app.post("/admin/app/approve/<aid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['APPS_MODERATION'])
 def admin_app_approve(v, aid):

@ -176,7 +176,7 @@ def admin_app_approve(v, aid):


@app.post("/admin/app/revoke/<aid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['APPS_MODERATION'])
 def admin_app_revoke(v, aid):

@ -201,7 +201,7 @@ def admin_app_revoke(v, aid):


@app.post("/admin/app/reject/<aid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@admin_level_required(PERMS['APPS_MODERATION'])
 def admin_app_reject(v, aid):

@ -284,7 +284,7 @@ def admin_apps_list(v):


@app.post("/reroll/<aid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def reroll_oauth_tokens(aid, v):
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@ -78,7 +78,7 @@ def unclub_post(pid, v):


@app.post("/publish/<pid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def publish(pid, v):
@ -226,7 +226,7 @@ def post_id(pid, anything=None, v=None, sub=None):
 		fart=app.config['SETTINGS']['Fart mode'])

@app.get("/viewmore/<pid>/<sort>/<offset>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@auth_desired_with_logingate
 def viewmore(v, pid, sort, offset):
 	post = get_post(pid, v=v)
@ -282,7 +282,7 @@ def viewmore(v, pid, sort, offset):


@app.get("/morecomments/<cid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@auth_desired_with_logingate
 def morecomments(v, cid):
 	try: cid = int(cid)
@ -954,7 +954,7 @@ def submit_post(v, sub=None):


@app.post("/delete_post/<pid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def delete_post_pid(pid, v):
@ -981,7 +981,7 @@ def delete_post_pid(pid, v):
 	return {"message": "Post deleted!"}

@app.post("/undelete_post/<pid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def undelete_post_pid(pid, v):
@ -1037,7 +1037,7 @@ def toggle_post_nsfw(pid, v):
 	else: return {"message": "Post has been unmarked as +18!"}

@app.post("/save_post/<pid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def save_post(pid, v):
@ -1053,7 +1053,7 @@ def save_post(pid, v):
 	return {"message": "Post saved!"}

@app.post("/unsave_post/<pid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def unsave_post(pid, v):
--- a/files/routes/reporting.py
+++ b/files/routes/reporting.py
@ -8,7 +8,7 @@ from os import path
 from files.helpers.sanitize import filter_emojis_only

@app.post("/report/post/<pid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def flag_post(pid, v):
@ -61,7 +61,7 @@ def flag_post(pid, v):


@app.post("/report/comment/<cid>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def flag_comment(cid, v):
--- a/files/routes/settings.py
+++ b/files/routes/settings.py
@ -27,7 +27,7 @@ def settings_personal(v):
 	return render_template("settings/personal.html", v=v)

@app.delete('/settings/background')
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def remove_background(v):
@ -37,7 +37,7 @@ def remove_background(v):
 	return {"message": "Background removed!"}

@app.post("/settings/personal")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def settings_personal_post(v):
@ -318,21 +318,21 @@ def set_color(v:User, attr:str, color:Optional[str]):


@app.post("/settings/namecolor")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def namecolor(v):
 	return set_color(v, "namecolor", request.values.get("namecolor"))
 	
@app.post("/settings/themecolor")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def themecolor(v):
 	return set_color(v, "themecolor", request.values.get("themecolor"))

@app.post("/settings/gumroad")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def gumroad(v):
@ -368,14 +368,14 @@ def gumroad(v):
 	return {"message": f"{patron} rewards claimed!"}

@app.post("/settings/titlecolor")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def titlecolor(v):
 	return set_color(v, "titlecolor", request.values.get("titlecolor"))

@app.post("/settings/verifiedcolor")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def verifiedcolor(v):
@ -383,7 +383,7 @@ def verifiedcolor(v):
 	return set_color(v, "verifiedcolor", "verifiedcolor")

@app.post("/settings/security")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def settings_security_post(v):
@ -456,7 +456,7 @@ def settings_security_post(v):
 		return render_template("settings/security.html", v=v, msg="Two-factor authentication disabled.")

@app.post("/settings/log_out_all_others")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def settings_log_out_others(v):
@ -471,7 +471,7 @@ def settings_log_out_others(v):


@app.post("/settings/images/profile")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def settings_images_profile(v):
@ -506,7 +506,7 @@ def settings_images_profile(v):


@app.post("/settings/images/banner")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
@feature_required('USERS_PROFILE_BANNER')
@ -534,7 +534,7 @@ def settings_css_get(v):
 	return render_template("settings/css.html", v=v)

@app.post("/settings/css")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def settings_css(v):
@ -548,7 +548,7 @@ def settings_css(v):
 	return render_template("settings/css.html", v=v)

@app.post("/settings/profilecss")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def settings_profilecss(v):
@ -597,7 +597,7 @@ def settings_block_user(v):


@app.post("/settings/unblock")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def settings_unblock_user(v):
@ -621,7 +621,7 @@ def settings_advanced_get(v):
 	return render_template("settings/advanced.html", v=v)

@app.post("/settings/name_change")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@is_not_permabanned
 def settings_name_change(v):
@ -763,7 +763,7 @@ def settings_song_change(v):
 	return redirect("/settings/personal")

@app.post("/settings/title_change")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def settings_title_change(v):
@ -787,7 +787,7 @@ def settings_title_change(v):


@app.post("/settings/pronouns_change")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
@feature_required('PRONOUNS')
@ -814,7 +814,7 @@ def settings_pronouns_change(v):


@app.post("/settings/checkmark_text")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def settings_checkmark_text(v):
--- a/files/routes/subs.py
+++ b/files/routes/subs.py
@ -386,7 +386,7 @@ def sub_settings(v, sub):


@app.post('/h/<sub>/sidebar')
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@is_not_permabanned
 def post_sub_sidebar(v, sub):
@ -411,7 +411,7 @@ def post_sub_sidebar(v, sub):


@app.post('/h/<sub>/css')
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@is_not_permabanned
 def post_sub_css(v, sub):
--- a/files/routes/users.py
+++ b/files/routes/users.py
@ -312,14 +312,14 @@ def transfer_currency(v:User, username:str, currency_name:Literal['coins', 'proc
 	return {"message": f"{amount - tax} {friendly_currency_name} have been transferred to @{receiver.username}"}
 	
@app.post("/@<username>/transfer_coins")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@is_not_permabanned
 def transfer_coins(v, username):
 	return transfer_currency(v, username, 'coins', True)

@app.post("/@<username>/transfer_bux")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@is_not_permabanned
@feature_required('PROCOINS')
@ -392,7 +392,7 @@ def song(song):
 	return resp

@app.post("/subscribe/<post_id>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def subscribe(v, post_id):
@ -403,7 +403,7 @@ def subscribe(v, post_id):
 	return {"message": "Subscribed to post successfully!"}
 	
@app.post("/unsubscribe/<post_id>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def unsubscribe(v, post_id):
@ -831,7 +831,7 @@ def u_user_id_info(id, v=None):
 	return user.json

@app.post("/follow/<username>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def follow_user(username, v):
@ -858,7 +858,7 @@ def follow_user(username, v):
 	return {"message": f"@{target.username} has been followed!"}

@app.post("/unfollow/<username>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def unfollow_user(username, v):
@ -886,7 +886,7 @@ def unfollow_user(username, v):
 	return {"message": f"@{target.username} has been unfollowed!"}

@app.post("/remove_follow/<username>")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@ratelimit_user()
@auth_required
 def remove_follow(username, v):
@ -1082,7 +1082,7 @@ kofi_tiers={
 	}

@app.post("/settings/kofi")
-@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
@auth_required
 def settings_kofi(v):
 	if not (v.email and v.is_activated):