diff --git a/files/mail/__init__.py b/files/mail/__init__.py
index aac9ee80a..2be13d9d3 100644
--- a/files/mail/__init__.py
+++ b/files/mail/__init__.py
@@ -41,7 +41,7 @@ def send_verification_email(user, email=None):
 @app.post("/verify_email")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 def api_verify_email(v):
diff --git a/files/routes/admin.py b/files/routes/admin.py
index 406251b52..7ea3cacee 100644
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@@ -28,7 +28,7 @@ def truescore(v):
 @app.post("/@/revert_actions")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(6)
 def revert_actions(v, username):
 if 'pcm' in request.host or ('rdrama' in request.host and v.id in [1,12,28,29,747,995,1480]) or ('rdrama' not in request.host and 'pcm' not in request.host):
@@ -52,7 +52,7 @@ def revert_actions(v, username):
 return {"message": "Admin actions reverted!"}
 @app.post("/@/club_allow")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(6)
 def club_allow(v, username):
@@ -83,7 +83,7 @@ def club_allow(v, username):
 return {"message": f"@{username} has been allowed into the country club!"}
 @app.post("/@/club_ban")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(6)
 def club_ban(v, username):
@@ -113,7 +113,7 @@ def club_ban(v, username):
 @app.post("/@/make_admin")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(6)
 def make_admin(v, username):
 if 'pcm' in request.host or ('rdrama' in request.host and v.id in [1,12,28,29,747,995,1480]) or ('rdrama' not in request.host and 'pcm' not in request.host):
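Review bot: The first line of `revert_actions` takes an authorization decision from `request.host`, which comes from the request rather than from configuration, and its last clause (`'rdrama' not in request.host and 'pcm' not in request.host`) is true for every other host name, so the `v.id in [1,12,28,29,747,995,1480]` allow-list only applies when the host contains `rdrama`. Unless the accepted Host values are pinned upstream (not visible here), compare against a configured site name instead, for example `if SITE_NAME != 'rdrama' or v.id in OWNER_IDS:`, where `SITE_NAME` and `OWNER_IDS` are placeholder names for values defined once in config. The same condition is repeated in `make_admin`, `remove_admin`, `make_fake_admin` and `remove_fake_admin`; all of these bodies continue outside their hunks.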
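Review bot: `club_allow` is a state-changing admin POST decorated only with `@limiter.limit` and `@admin_level_required(6)`, while `post_rules`, `badge_grant_post` and most other routes in this patch also carry `@validate_formkey`. If that decorator is the CSRF token check, as its name suggests, this route accepts a cross-site form post from a logged-in admin's browser; add `@validate_formkey` under the auth decorator unless the token is verified somewhere not shown here. The same gap is visible on `revert_actions`, `club_ban`, `make_admin`, `remove_admin`, `make_fake_admin`, `remove_fake_admin`, `api_ban_comment`, `api_unban_comment`, `request_api_keys`, `reroll_oauth_tokens`, `settings_css`, `settings_profilecss`, `pay_rent` and `steal`.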
@@ -126,7 +126,7 @@ def make_admin(v, username):
 @app.post("/@/remove_admin")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(6)
 def remove_admin(v, username):
 if 'pcm' in request.host or ('rdrama' in request.host and v.id in [1,12,28,29,747,995,1480]) or ('rdrama' not in request.host and 'pcm' not in request.host):
@@ -139,7 +139,7 @@ def remove_admin(v, username):
 @app.post("/@/make_fake_admin")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(6)
 def make_fake_admin(v, username):
 if 'pcm' in request.host or ('rdrama' in request.host and v.id in [1,12,28,29,747,995,1480]) or ('rdrama' not in request.host and 'pcm' not in request.host):
@@ -152,7 +152,7 @@ def make_fake_admin(v, username):
 @app.post("/@/remove_fake_admin")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(6)
 def remove_fake_admin(v, username):
 if 'pcm' in request.host or ('rdrama' in request.host and v.id in [1,12,28,29,747,995,1480]) or ('rdrama' not in request.host and 'pcm' not in request.host):
@@ -235,7 +235,7 @@ def get_rules(v):
 @app.post('/admin/rules')
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(6)
 @validate_formkey
 def post_rules(v):
@@ -372,7 +372,7 @@ def badge_grant_get(v):
 @app.post("/admin/badge_grant")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(4)
 @validate_formkey
 def badge_grant_post(v):
@@ -601,7 +601,7 @@ def alt_votes_get(v):
 @app.post("/admin/link_accounts")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(4)
 @validate_formkey
 def admin_link_accounts(v):
@@ -648,7 +648,7 @@ def admin_removed(v):
 @app.post("/admin/image_ban")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(4)
 @validate_formkey
 def admin_image_ban(v):
@@ -757,7 +757,7 @@ def agendaposter(user_id, v):
 @app.post("/shadowban/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(6)
 @validate_formkey
 def shadowban(user_id, v):
@@ -783,7 +783,7 @@ def shadowban(user_id, v):
 @app.post("/unshadowban/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(6)
 @validate_formkey
 def unshadowban(user_id, v):
@@ -808,7 +808,7 @@ def unshadowban(user_id, v):
 return {"message": "User unshadowbanned!"}
 @app.post("/admin/verify/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(6)
 @validate_formkey
 def verify(user_id, v):
@@ -819,7 +819,7 @@ def verify(user_id, v):
 return {"message": "User verfied!"}
 @app.post("/admin/unverify/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(6)
 @validate_formkey
 def unverify(user_id, v):
@@ -831,7 +831,7 @@ def unverify(user_id, v):
 @app.post("/admin/title_change/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(6)
 @validate_formkey
 def admin_title_change(user_id, v):
@@ -865,7 +865,7 @@ def admin_title_change(user_id, v):
 return redirect(user.url)
 @app.post("/ban_user/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(6)
 @validate_formkey
 def ban_user(user_id, v):
@@ -941,7 +941,7 @@ def ban_user(user_id, v):
 @app.post("/unban_user/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(6)
 @validate_formkey
 def unban_user(user_id, v):
@@ -979,7 +979,7 @@ def unban_user(user_id, v):
 @app.post("/ban_post/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(3)
 @validate_formkey
 def ban_post(post_id, v):
@@ -1023,7 +1023,7 @@ def ban_post(post_id, v):
 @app.post("/unban_post/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(3)
 @validate_formkey
 def unban_post(post_id, v):
@@ -1118,7 +1118,7 @@ def api_pin_post(post_id, v):
 else: return {"message": "Post unpinned!"}
 @app.post("/ban_comment/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(1)
 def api_ban_comment(c_id, v):
@@ -1142,7 +1142,7 @@ def api_ban_comment(c_id, v):
 @app.post("/unban_comment/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(1)
 def api_unban_comment(c_id, v):
@@ -1208,7 +1208,7 @@ def admin_banned_domains(v):
 return render_template("admin/banned_domains.html", v=v, banned_domains=banned_domains)
 @app.post("/admin/banned_domains")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(4)
 @validate_formkey
 def admin_toggle_ban_domain(v):
@@ -1230,7 +1230,7 @@ def admin_toggle_ban_domain(v):
 @app.post("/admin/nuke_user")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(4)
 @validate_formkey
 def admin_nuke_user(v):
@@ -1264,7 +1264,7 @@ def admin_nuke_user(v):
 @app.post("/admin/unnuke_user")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(4)
 @validate_formkey
 def admin_nunuke_user(v):
diff --git a/files/routes/awards.py b/files/routes/awards.py
index e62462a85..dd5a10795 100644
--- a/files/routes/awards.py
+++ b/files/routes/awards.py
@@ -185,7 +185,7 @@ ALLOW_MULTIPLE = ( )
 @app.post("/post//awards")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 def award_post(pid, v):
@@ -249,7 +249,7 @@ def award_post(pid, v):
 @app.post("/comment//awards")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 def award_comment(cid, v):
@@ -322,7 +322,7 @@ def admin_userawards_get(v):
 return render_template("admin/user_award.html", awards=list(AWARDS.values()), v=v)
 @app.post("/admin/user_award")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def admin_userawards_post(v):
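Review bot: `admin_userawards_post` serves `/admin/user_award` but is gated by `@auth_required`, whereas every other `/admin/...` POST in this patch uses `@admin_level_required(n)`. Unless the body, which lies outside the hunk, checks the caller's admin level itself, the handler is reachable by any logged-in user. Prefer the decorator so the requirement is visible at the route: replace `@auth_required` with `@admin_level_required(...)` at the level the GET handler `admin_userawards_get` uses.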
diff --git a/files/routes/comments.py b/files/routes/comments.py
index 7fc2cd21e..47722af79 100644
--- a/files/routes/comments.py
+++ b/files/routes/comments.py
@@ -120,7 +120,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
 @app.post("/comment")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @limiter.limit("6/minute")
 @is_not_banned
 @validate_formkey
@@ -574,7 +574,7 @@ def api_comment(v):
 @app.post("/edit_comment/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def edit_comment(cid, v):
@@ -771,7 +771,7 @@ def edit_comment(cid, v):
 @app.post("/delete/comment/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def delete_comment(cid, v):
@@ -795,7 +795,7 @@ def delete_comment(cid, v):
 return {"message": "Comment deleted!"}
 @app.post("/undelete/comment/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def undelete_comment(cid, v):
@@ -850,7 +850,7 @@ def toggle_pin_comment(cid, v):
 @app.post("/save_comment/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def save_comment(cid, v):
@@ -867,7 +867,7 @@ def save_comment(cid, v):
 return {"message": "Comment saved!"}
 @app.post("/unsave_comment/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def unsave_comment(cid, v):
diff --git a/files/routes/errors.py b/files/routes/errors.py
index 1447c8a3b..7835ee4c9 100644
--- a/files/routes/errors.py
+++ b/files/routes/errors.py
@@ -67,7 +67,7 @@ def error_500(e, v):
 @app.post("/allow_nsfw")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 def allow_nsfw():
 session["over_18"] = int(time.time()) + 3600
diff --git a/files/routes/login.py b/files/routes/login.py
index 0324b9aa2..ccd3471bc 100644
--- a/files/routes/login.py
+++ b/files/routes/login.py
@@ -78,7 +78,7 @@ def check_for_alts(current_id):
 @app.post("/login")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @limiter.limit("6/minute")
 def login_post():
@@ -167,7 +167,7 @@ def me(v):
 @app.post("/logout")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def logout(v):
@@ -228,7 +228,7 @@ def sign_up_get(v):
 @app.post("/signup")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @limiter.limit("5/day")
 @auth_desired
 def sign_up_post(v):
@@ -380,7 +380,7 @@ def get_forgot():
 @app.post("/forgot")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 def post_forgot():
 username = request.values.get("username").lstrip('@')
@@ -450,7 +450,7 @@ def get_reset():
 @app.post("/reset")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_desired
 def post_reset(v):
 if v:
@@ -503,7 +503,7 @@ def lost_2fa(v):
 )
 @app.post("/request_2fa_disable")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @limiter.limit("6/minute")
 def request_2fa_disable():
diff --git a/files/routes/oauth.py b/files/routes/oauth.py
index 61188a2d8..124948696 100644
--- a/files/routes/oauth.py
+++ b/files/routes/oauth.py
@@ -17,7 +17,7 @@ def authorize_prompt(v):
 @app.post("/authorize")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def authorize(v):
@@ -40,7 +40,7 @@ def authorize(v):
 @app.post("/api_keys")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @is_not_banned
 def request_api_keys(v):
@@ -61,7 +61,7 @@ def request_api_keys(v):
 @app.post("/delete_app/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def delete_oauth_app(v, aid):
@@ -80,7 +80,7 @@ def delete_oauth_app(v, aid):
 @app.post("/edit_app/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @is_not_banned
 @validate_formkey
 def edit_oauth_app(v, aid):
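Review bot: `post_forgot` has no auth decorator and is limited only by `1/second`, while `login_post` and `request_2fa_disable` in the same file stack a second `@limiter.limit("6/minute")`. One request per second is still 3600 per hour, which is generous for an endpoint that presumably triggers a reset e-mail for a caller-supplied username; add a slower window such as `@limiter.limit("6/minute")` here and on `post_reset`. Two things to confirm outside this patch: which key function the limiter uses (a per-address limit does not bound requests against one account from many addresses), and whether `submit_contact`, whose message is sent to all admins, should get the same second limit.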
@@ -100,7 +100,7 @@ def edit_oauth_app(v, aid):
 @app.post("/admin/app/approve/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(3)
 @validate_formkey
 def admin_app_approve(v, aid):
@@ -128,7 +128,7 @@ def admin_app_approve(v, aid):
 @app.post("/admin/app/revoke/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(3)
 @validate_formkey
 def admin_app_revoke(v, aid):
@@ -147,7 +147,7 @@ def admin_app_revoke(v, aid):
 @app.post("/admin/app/reject/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @admin_level_required(3)
 @validate_formkey
 def admin_app_reject(v, aid):
@@ -230,7 +230,7 @@ def admin_apps_list(v):
 @app.post("/oauth/reroll/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 def reroll_oauth_tokens(aid, v):
diff --git a/files/routes/posts.py b/files/routes/posts.py
index c1c9a3c49..2cca3cc77 100644
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@@ -50,7 +50,7 @@ def toggle_club(pid, v):
 @app.post("/publish/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def publish(pid, v):
@@ -189,7 +189,7 @@ def post_id(pid, anything=None, v=None):
 @app.post("/edit_post/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def edit_post(pid, v):
@@ -504,7 +504,7 @@ def thumbnail_thread(pid):
 @app.post("/submit")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @limiter.limit("6/minute")
 @is_not_banned
 @validate_formkey
@@ -962,7 +962,7 @@ def submit_post(v):
 @app.post("/delete_post/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def delete_post_pid(pid, v):
@@ -984,7 +984,7 @@ def delete_post_pid(pid, v):
 return {"message": "Post deleted!"}
 @app.post("/undelete_post/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def undelete_post_pid(pid, v):
@@ -1043,7 +1043,7 @@ def toggle_post_nsfw(pid, v):
 else: return {"message": "Post has been unmarked as +18!"}
 @app.post("/save_post/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def save_post(pid, v):
@@ -1060,7 +1060,7 @@ def save_post(pid, v):
 return {"message": "Post saved!"}
 @app.post("/unsave_post/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def unsave_post(pid, v):
diff --git a/files/routes/reporting.py b/files/routes/reporting.py
index 1896197e5..046c56402 100644
--- a/files/routes/reporting.py
+++ b/files/routes/reporting.py
@@ -5,7 +5,7 @@ from files.__main__ import app, limiter from os import path
 @app.post("/flag/post/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_desired
 def api_flag_post(pid, v):
@@ -37,7 +37,7 @@ def api_flag_post(pid, v):
 @app.post("/flag/comment/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_desired
 def api_flag_comment(cid, v):
@@ -68,7 +68,7 @@ def api_flag_comment(cid, v):
 @app.post('/del_report/')
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def remove_report(report_fn, v):
diff --git a/files/routes/settings.py b/files/routes/settings.py
index 98d09a7cb..fa1df76fb 100644
--- a/files/routes/settings.py
+++ b/files/routes/settings.py
@@ -31,7 +31,7 @@ tiers={ }
 @app.post("/settings/removebackground")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 def removebackground(v):
 v.background = None
@@ -40,7 +40,7 @@ def removebackground(v):
 return {"message": "Background removed!"}
 @app.post("/settings/profile")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def settings_profile_post(v):
@@ -264,7 +264,7 @@ def changelogsub(v):
 else: return {"message": "You have unsubscribed from the changelog!"}
 @app.post("/settings/namecolor")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def namecolor(v):
@@ -277,7 +277,7 @@ def namecolor(v):
 return redirect("/settings/profile")
 @app.post("/settings/themecolor")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def themecolor(v):
@@ -290,7 +290,7 @@ def themecolor(v):
 return redirect("/settings/profile")
 @app.post("/settings/gumroad")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def gumroad(v):
@@ -365,7 +365,7 @@ def gumroad(v):
 return {"message": f"{patron} rewards claimed!"}
 @app.post("/settings/titlecolor")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def titlecolor(v):
@@ -379,7 +379,7 @@ def titlecolor(v):
 return redirect("/settings/profile")
 @app.post("/settings/security")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def settings_security_post(v):
@@ -483,7 +483,7 @@ def settings_security_post(v):
 escape("Two-factor authentication disabled."))
 @app.post("/settings/log_out_all_others")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def settings_log_out_others(v):
@@ -506,7 +506,7 @@ def settings_log_out_others(v):
 @app.post("/settings/images/profile")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def settings_images_profile(v):
@@ -538,7 +538,7 @@ def settings_images_profile(v):
 @app.post("/settings/images/banner")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def settings_images_banner(v):
@@ -561,7 +561,7 @@ def settings_images_banner(v):
 @app.post("/settings/delete/profile")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def settings_delete_profile(v):
@@ -573,7 +573,7 @@ def settings_delete_profile(v):
 msg="Profile picture successfully removed.")
 @app.post("/settings/delete/banner")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def settings_delete_banner(v):
@@ -599,7 +599,7 @@ def settings_css_get(v):
 return render_template("settings_css.html", v=v)
 @app.post("/settings/css")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 def settings_css(v):
 css = request.values.get("css").replace('\\', '')[:50000]
@@ -621,7 +621,7 @@ def settings_profilecss_get(v):
 return render_template("settings_profilecss.html", v=v)
 @app.post("/settings/profilecss")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 def settings_profilecss(v):
 if v.coins < 1000 and not v.patron: return f"You must have +1000 {COINS_NAME} or be a patron to set profile css."
@@ -633,7 +633,7 @@ def settings_profilecss(v):
 return render_template("settings_profilecss.html", v=v)
 @app.post("/settings/block")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def settings_block_user(v):
@@ -671,7 +671,7 @@ def settings_block_user(v):
 @app.post("/settings/unblock")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def settings_unblock_user(v):
@@ -706,7 +706,7 @@ def settings_apps(v):
 @app.post("/settings/remove_discord")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def settings_remove_discord(v):
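Review bot: In `settings_css`, `request.values.get("css")` returns `None` when the parameter is absent, so the chained `.replace('\\', '')` raises and the request ends in a 500 rather than a handled validation error. Give the lookup a default, `css = request.values.get("css", "").replace('\\', '')[:50000]`, as `submit_contact` already does for `message`. `post_forgot` has the same pattern in `request.values.get("username").lstrip('@')`. Both function bodies continue outside their hunks.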
@@ -727,7 +727,7 @@ def settings_content_get(v):
 return render_template("settings_filters.html", v=v)
 @app.post("/settings/name_change")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def settings_name_change(v):
@@ -774,7 +774,7 @@ def settings_name_change(v):
 return redirect("/settings/profile")
 @app.post("/settings/song_change")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def settings_song_change(v):
@@ -856,7 +856,7 @@ def settings_song_change(v):
 return redirect("/settings/profile")
 @app.post("/settings/title_change")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 @validate_formkey
 def settings_title_change(v):
diff --git a/files/routes/static.py b/files/routes/static.py
index 73c5f9927..ada24e745 100644
--- a/files/routes/static.py
+++ b/files/routes/static.py
@@ -222,7 +222,7 @@ def contact(v):
 return render_template("contact.html", v=v)
 @app.post("/contact")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 def submit_contact(v):
 message = f'This message has been sent automatically to all admins via https://{site}/contact, user email is "{v.email}"\n\nMessage:\n\n' + request.values.get("message", "")
@@ -333,7 +333,7 @@ def settings_security(v):
 )
 @app.post("/dismiss_mobile_tip")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 def dismiss_mobile_tip():
 session["tooltip_last_dismissed"]=int(time.time())
diff --git a/files/routes/users.py b/files/routes/users.py
index 2fe9cd41e..9f0545d41 100644
--- a/files/routes/users.py
+++ b/files/routes/users.py
@@ -21,7 +21,7 @@ beams_client = PushNotifications(
 @app.post("/pay_rent")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 def pay_rent(v):
 if v.coins < 500: return "You must have more than 500 coins."
@@ -37,7 +37,7 @@ def pay_rent(v):
 @app.post("/steal")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @is_not_banned
 def steal(v):
 if int(time.time()) - v.created_utc < 604800:
@@ -91,7 +91,7 @@ def thiefs(v):
 @app.post("/@/suicide")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 def suicide(v, username):
 t = int(time.time())
@@ -113,7 +113,7 @@ def get_coins(v, username):
 else: return {"error": "invalid_user"}, 404
 @app.post("/@/transfer_coins")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @is_not_banned
 @validate_formkey
 def transfer_coins(v, username):
@@ -202,7 +202,7 @@ def song(song):
 return resp
 @app.post("/subscribe/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 def subscribe(v, post_id):
 new_sub = Subscription(user_id=v.id, submission_id=post_id)
@@ -211,7 +211,7 @@ def subscribe(v, post_id):
 return {"message": "Post subscribed!"}
 @app.post("/unsubscribe/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 def unsubscribe(v, post_id):
 sub=g.db.query(Subscription).options(lazyload('*')).filter_by(user_id=v.id, submission_id=post_id).first()
@@ -221,7 +221,7 @@ def unsubscribe(v, post_id):
 return {"message": "Post unsubscribed!"}
 @app.post("/@/message")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @limiter.limit("10/hour")
 @auth_required
 def message2(v, username):
@@ -284,7 +284,7 @@ def message2(v, username):
 @app.post("/reply")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @limiter.limit("6/minute")
 @auth_required
 def messagereply(v):
@@ -616,7 +616,7 @@ def u_username_info(username, v=None):
 @app.post("/follow/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 def follow_user(username, v):
@@ -642,7 +642,7 @@ def follow_user(username, v):
 return {"message": "User followed!"}
 @app.post("/unfollow/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 def unfollow_user(username, v):
@@ -669,7 +669,7 @@ def unfollow_user(username, v):
 return {"message": "User unfollowed!"}
 @app.post("/remove_follow/")
-@limiter.limit("1/0.5second")
+@limiter.limit("1/second")
 @auth_required
 def remove_follow(username, v):
 target = get_user(username)