add 1/second ratelimit to all POST
parent
7fc91eb6ef
commit
b950c9107a
|
@ -1995,6 +1995,8 @@ def change_under_siege(v):
|
||||||
return render_template('admin/under_siege.html', v=v, thresholds=thresholds)
|
return render_template('admin/under_siege.html', v=v, thresholds=thresholds)
|
||||||
|
|
||||||
@app.post("/admin/under_siege")
|
@app.post("/admin/under_siege")
|
||||||
|
@limiter.limit('1/second', scope=rpath)
|
||||||
|
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||||
@admin_level_required(PERMS['CHANGE_UNDER_SIEGE'])
|
@admin_level_required(PERMS['CHANGE_UNDER_SIEGE'])
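Review bot: The two added `'1/second'` limits omit the `deduct_when=lambda response: response.status_code < 400` argument that the `DEFAULT_RATELIMIT` decorators directly below them carry, so every POST to `/admin/under_siege` consumes the one-per-second budget, including requests rejected with a 4xx. Counting rejected requests is the stricter behaviour and is probably right for an admin endpoint, but nothing on the lines says the difference is deliberate. I would put a comment above the pair, for example `# burst guard: counts every request, rejected ones included (no deduct_when on purpose)`. The same uncommented pair is added in the chat, post, settings and toggle_pins hunks. Both limits also sit above `@admin_level_required`, so they appear to be evaluated before the permission check, and what `get_ID` returns for an unauthenticated caller is not visible in this diff.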
|
||||||
|
|
|
@ -103,6 +103,8 @@ def chat(v, chat_id):
|
||||||
|
|
||||||
|
|
||||||
@app.post("/chat/<int:chat_id>/name")
|
@app.post("/chat/<int:chat_id>/name")
|
||||||
|
@limiter.limit('1/second', scope=rpath)
|
||||||
|
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@ -125,6 +127,8 @@ def change_chat_name(v, chat_id):
|
||||||
return redirect(f"/chat/{chat.id}")
|
return redirect(f"/chat/{chat.id}")
|
||||||
|
|
||||||
@app.post("/chat/<int:chat_id>/leave")
|
@app.post("/chat/<int:chat_id>/leave")
|
||||||
|
@limiter.limit('1/second', scope=rpath)
|
||||||
|
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||||
@auth_required
|
@auth_required
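Review bot: `scope=rpath` on the added limits appears to key each bucket on the concrete request path (`rpath` is defined outside this diff, so this is inferred from its name), which would give every chat id on `/chat/<int:chat_id>/name` and `/chat/<int:chat_id>/leave` its own one-per-second bucket. The limit would then stop a double submit on one chat but would not bound how fast a single client can POST across many ids; only `DEFAULT_RATELIMIT` would do that. If a per-client throttle on the endpoint is the goal, drop the path scope and rely on the limiter's per-endpoint bucket, e.g. `@limiter.limit('1/second', key_func=get_ID)`. If per-path is intended, a one-line comment saying so would prevent a later "fix". The same applies to the `/post/<int:post_id>/new` and `/post/<int:post_id>/hot` hunks.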
|
||||||
|
|
|
@ -939,6 +939,8 @@ def profile_pin(post_id, v):
|
||||||
return abort(404, "Post not found!")
|
return abort(404, "Post not found!")
|
||||||
|
|
||||||
@app.post("/post/<int:post_id>/new")
|
@app.post("/post/<int:post_id>/new")
|
||||||
|
@limiter.limit('1/second', scope=rpath)
|
||||||
|
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@ -961,6 +963,8 @@ def set_new_sort(post_id, v):
|
||||||
|
|
||||||
|
|
||||||
@app.post("/post/<int:post_id>/hot")
|
@app.post("/post/<int:post_id>/hot")
|
||||||
|
@limiter.limit('1/second', scope=rpath)
|
||||||
|
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||||
@auth_required
|
@auth_required
|
||||||
|
|
|
@ -42,6 +42,8 @@ def settings_personal(v):
|
||||||
return render_template("settings/personal.html", v=v, msg=get_msg(), error=get_error())
|
return render_template("settings/personal.html", v=v, msg=get_msg(), error=get_error())
|
||||||
|
|
||||||
@app.post('/settings/remove_background')
|
@app.post('/settings/remove_background')
|
||||||
|
@limiter.limit('1/second', scope=rpath)
|
||||||
|
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
|
||||||
@auth_required
|
@auth_required
|
||||||
|
|
|
@ -1282,6 +1282,8 @@ def subscribed_posts(v, username):
|
||||||
return get_saves_and_subscribes(v, "userpage/posts.html", Subscription, page, False)
|
return get_saves_and_subscribes(v, "userpage/posts.html", Subscription, page, False)
|
||||||
|
|
||||||
@app.post("/toggle_pins/<hole>/<sort>")
|
@app.post("/toggle_pins/<hole>/<sort>")
|
||||||
|
@limiter.limit('1/second', scope=rpath)
|
||||||
|
@limiter.limit('1/second', scope=rpath, key_func=get_ID)
|
||||||
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
|
||||||
def toggle_pins(hole, sort):
|
def toggle_pins(hole, sort):
|
||||||
if sort == 'hot': default = True
|
if sort == 'hot': default = True
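Review bot: On `/toggle_pins/<hole>/<sort>` the only added limit is `@limiter.limit('1/second', scope=rpath)`, using the limiter's default key, and both path segments are free-form strings. If `rpath` is the request path (it is defined outside this diff), each distinct `hole` value gets a fresh bucket, so this limit would not bound the request rate of any one client on the route. Scoping on the endpoint rather than the path would close that gap, e.g. `@limiter.limit('1/second')`. No `get_ID` variant is added here, presumably because the function takes no `v`. The body of `toggle_pins` continues past the hunk, so any validation of `hole` and `sort` is not visible.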
|
||||||
|
|