mirror of
https://gitlab.com/SIGBUS/nyaa.git
synced 2024-12-22 08:10:03 +00:00
Add login endpoint rate limiting
This doesn't discriminate between failed logins and successful logins, but only counts POST requests. The limit is set to 6 per hour.
This commit is contained in:
parent
611f0c5706
commit
5c943f35e3
|
@ -6,7 +6,7 @@ import flask
|
||||||
from flask_assets import Bundle # noqa F401
|
from flask_assets import Bundle # noqa F401
|
||||||
|
|
||||||
from nyaa.api_handler import api_blueprint
|
from nyaa.api_handler import api_blueprint
|
||||||
from nyaa.extensions import assets, cache, db, fix_paginate, toolbar
|
from nyaa.extensions import assets, cache, db, fix_paginate, limiter, toolbar
|
||||||
from nyaa.template_utils import bp as template_utils_bp
|
from nyaa.template_utils import bp as template_utils_bp
|
||||||
from nyaa.template_utils import caching_url_for
|
from nyaa.template_utils import caching_url_for
|
||||||
from nyaa.utils import random_string
|
from nyaa.utils import random_string
|
||||||
|
@ -128,4 +128,7 @@ def create_app(config):
|
||||||
# Cache
|
# Cache
|
||||||
cache.init_app(app, config=app.config)
|
cache.init_app(app, config=app.config)
|
||||||
|
|
||||||
|
# Rate Limiting
|
||||||
|
limiter.init_app(app)
|
||||||
|
|
||||||
return app
|
return app
|
||||||
|
|
|
@ -5,12 +5,15 @@ from flask.config import Config
|
||||||
from flask_assets import Environment
|
from flask_assets import Environment
|
||||||
from flask_caching import Cache
|
from flask_caching import Cache
|
||||||
from flask_debugtoolbar import DebugToolbarExtension
|
from flask_debugtoolbar import DebugToolbarExtension
|
||||||
|
from flask_limiter import Limiter
|
||||||
|
from flask_limiter.util import get_remote_address
|
||||||
from flask_sqlalchemy import BaseQuery, Pagination, SQLAlchemy
|
from flask_sqlalchemy import BaseQuery, Pagination, SQLAlchemy
|
||||||
|
|
||||||
assets = Environment()
|
assets = Environment()
|
||||||
db = SQLAlchemy()
|
db = SQLAlchemy()
|
||||||
toolbar = DebugToolbarExtension()
|
toolbar = DebugToolbarExtension()
|
||||||
cache = Cache()
|
cache = Cache()
|
||||||
|
limiter = Limiter(key_func=get_remote_address)
|
||||||
|
|
||||||
|
|
||||||
class LimitedPagination(Pagination):
|
class LimitedPagination(Pagination):
|
||||||
|
|
|
@ -6,7 +6,7 @@ from ipaddress import ip_address
|
||||||
import flask
|
import flask
|
||||||
|
|
||||||
from nyaa import email, forms, models
|
from nyaa import email, forms, models
|
||||||
from nyaa.extensions import db
|
from nyaa.extensions import db, limiter
|
||||||
from nyaa.utils import sha1_hash
|
from nyaa.utils import sha1_hash
|
||||||
from nyaa.views.users import get_activation_link, get_password_reset_link, get_serializer
|
from nyaa.views.users import get_activation_link, get_password_reset_link, get_serializer
|
||||||
|
|
||||||
|
@ -15,6 +15,8 @@ bp = flask.Blueprint('account', __name__)
|
||||||
|
|
||||||
|
|
||||||
@bp.route('/login', methods=['GET', 'POST'])
|
@bp.route('/login', methods=['GET', 'POST'])
|
||||||
|
@limiter.limit('6/hour', methods=['POST'],
|
||||||
|
error_message="You've tried logging in too many times, try again in an hour.")
|
||||||
def login():
|
def login():
|
||||||
if flask.g.user:
|
if flask.g.user:
|
||||||
return flask.redirect(redirect_url())
|
return flask.redirect(redirect_url())
|
||||||
|
|
|
@ -52,3 +52,4 @@ webassets==0.12.1
|
||||||
Werkzeug==0.15.5
|
Werkzeug==0.15.5
|
||||||
WTForms==2.2.1
|
WTForms==2.2.1
|
||||||
Flask-Caching==1.7.2
|
Flask-Caching==1.7.2
|
||||||
|
Flask-Limiter==1.0.1
|
||||||
|
|
Loading…
Reference in a new issue