From c2c9c79e20a9a32438658f066b07787fee45a675 Mon Sep 17 00:00:00 2001
From: Aevann
Date: Fri, 1 Sep 2023 11:23:49 +0300
Subject: [PATCH] decrease edit and delete ratelimits to hinder mass-deleting and mass-editing
---
 files/helpers/config/const.py | 1 +
 files/routes/comments.py | 8 ++++----
 files/routes/posts.py | 8 ++++----
 3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/files/helpers/config/const.py b/files/helpers/config/const.py
index 61c435381..e1453c66c 100644
--- a/files/helpers/config/const.py
+++ b/files/helpers/config/const.py
@@ -50,6 +50,7 @@ class Service(Enum):
 DEFAULT_RATELIMIT = "30/minute;200/hour;1000/day"
 CASINO_RATELIMIT = "100/minute;5000/hour;20000/day"
+DELETE_EDIT_RATELIMIT = "10/minute;50/day"
 PUSH_NOTIF_LIMIT = 1000
diff --git a/files/routes/comments.py b/files/routes/comments.py
index 944917e7b..b02e99855 100644
--- a/files/routes/comments.py
+++ b/files/routes/comments.py
@@ -424,8 +424,8 @@ def comment(v):
 @app.post("/delete/comment/")
 @limiter.limit('1/second', scope=rpath)
 @limiter.limit('1/second', scope=rpath, key_func=get_ID)
-@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
-@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
+@limiter.limit(DELETE_EDIT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
+@limiter.limit(DELETE_EDIT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
 @auth_required
 def delete_comment(cid, v):
 if SITE == 'rdrama.net' and v.id == 253:
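Review bot: `DELETE_EDIT_RATELIMIT` in files/helpers/config/const.py is added without a comment, so its purpose (slowing mass deletion and mass editing) is recorded only in the commit subject. A one-line comment above it would keep that intent next to the value, for example `# edit/delete routes: kept low to hinder mass-deleting and mass-editing`. The comment could also record that the new string drops the hourly tier the edit routes used before (`10/minute;100/hour;200/day`), leaving the daily cap of 50 as the only bound beyond the per-minute one.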
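Review bot: The two `DELETE_EDIT_RATELIMIT` decorators on `delete_comment` pass no `scope`, so, assuming the limiter's default per-route scoping, this budget is counted separately from the ones added on `edit_comment`, `delete_post_pid` and `edit_post` in the later hunks. One account could then still change about 50 items a day through each of the four routes, which weakens the stated goal of hindering mass deletion and mass editing. If a combined budget is intended, give the account-keyed decorator a common scope on all four routes, e.g. `@limiter.limit(DELETE_EDIT_RATELIMIT, scope='delete_edit', key_func=get_ID, deduct_when=lambda response: response.status_code < 400)`. The body of `delete_comment` continues outside the hunk.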
@@ -625,8 +625,8 @@ def toggle_comment_nsfw(cid, v):
 @app.post("/edit_comment/")
 @limiter.limit('1/second', scope=rpath)
 @limiter.limit('1/second', scope=rpath, key_func=get_ID)
-@limiter.limit("10/minute;100/hour;200/day", deduct_when=lambda response: response.status_code < 400)
-@limiter.limit("10/minute;100/hour;200/day", deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
+@limiter.limit(DELETE_EDIT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
+@limiter.limit(DELETE_EDIT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
 @is_not_permabanned
 def edit_comment(cid, v):
 c = get_comment(cid, v=v)
diff --git a/files/routes/posts.py b/files/routes/posts.py
index 36a93a60e..a3e52bb83 100644
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@@ -686,8 +686,8 @@ def submit_post(v, sub=None):
 @app.post("/delete/post/")
 @limiter.limit('1/second', scope=rpath)
 @limiter.limit('1/second', scope=rpath, key_func=get_ID)
-@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
-@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
+@limiter.limit(DELETE_EDIT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
+@limiter.limit(DELETE_EDIT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
 @auth_required
 def delete_post_pid(pid, v):
 p = get_post(pid)
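Review bot: The first `DELETE_EDIT_RATELIMIT` decorator on `edit_comment` has no `key_func`, so it is counted under the limiter's default key, which is configured outside this diff and is presumably the client address, given that the second decorator is keyed by `get_ID`. At 50 successful requests a day, accounts that share one egress address (NAT, VPN, campus network) would draw on a single edit and delete budget, so ordinary users could be locked out of editing or removing their own content by their neighbours' activity. The same decorator pair appears on `delete_comment`, `delete_post_pid` and `edit_post`. Consider keeping the tight limit only on the account-keyed decorator and leaving the default-keyed one looser, e.g. `@limiter.limit(DEFAULT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)`. `edit_comment` continues past the end of the hunk.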
@@ -950,8 +950,8 @@ def get_post_title(v):
 @app.post("/edit_post/")
 @limiter.limit('1/second', scope=rpath)
 @limiter.limit('1/second', scope=rpath, key_func=get_ID)
-@limiter.limit("10/minute;100/hour;200/day", deduct_when=lambda response: response.status_code < 400)
-@limiter.limit("10/minute;100/hour;200/day", deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
+@limiter.limit(DELETE_EDIT_RATELIMIT, deduct_when=lambda response: response.status_code < 400)
+@limiter.limit(DELETE_EDIT_RATELIMIT, deduct_when=lambda response: response.status_code < 400, key_func=get_ID)
 @is_not_permabanned
 def edit_post(pid, v):
 p = get_post(pid)