mirror of
https://gitlab.com/SIGBUS/nyaa.git
synced 2024-12-22 09:19:59 +00:00
backend: count IP uploads in the user ratelimit (#583)
Users could double their ratelimit by uploading some torrents as anonymous submissions, then log into their account and post more. We can stop this by making the filter_uploader helper function use an sqlalchemy.or_ query to check for uploads from either that user or that user's IP.
This commit is contained in:
parent
532439356f
commit
97c32a483f
|
@ -139,7 +139,9 @@ def check_uploader_ratelimit(user):
|
||||||
|
|
||||||
def filter_uploader(query):
|
def filter_uploader(query):
|
||||||
if user:
|
if user:
|
||||||
return query.filter(Torrent.user == user)
|
return query.filter(sqlalchemy.or_(
|
||||||
|
Torrent.user == user,
|
||||||
|
Torrent.uploader_ip == ip_address(flask.request.remote_addr).packed))
|
||||||
else:
|
else:
|
||||||
return query.filter(Torrent.uploader_ip == ip_address(flask.request.remote_addr).packed)
|
return query.filter(Torrent.uploader_ip == ip_address(flask.request.remote_addr).packed)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue