
Add a rate limiter

* rate limit the unauthenticated endpoints to 2 requests a minute
master
Drew Short 6 years ago
parent
commit
9439553589
  1. 38
      app.py
  2. 1
      requirements.txt

38
app.py

@ -6,16 +6,28 @@ from urllib.parse import urlparse, urljoin
import flask import flask
from flask import Flask, redirect, render_template, request, g, flash, url_for from flask import Flask, redirect, render_template, request, g, flash, url_for
from flask_login import LoginManager, login_required, login_user, logout_user, \
UserMixin
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address
from flask_login import (LoginManager,
login_required,
login_user,
logout_user,
UserMixin)
from flask_wtf import CSRFProtect from flask_wtf import CSRFProtect
from werkzeug.contrib.fixers import ProxyFix from werkzeug.contrib.fixers import ProxyFix
from db import get_db, get_registration_codes, add_registration_code, \
expire_registration_code, delete_registration_code, get_registered_users, \
add_registered_user
from forms import RegistrationForm, LoginForm, RegistrationCodeForm, \
ExpireRegistrationCodeForm
from db import (
get_db,
get_registration_codes,
add_registration_code,
expire_registration_code,
delete_registration_code,
get_registered_users,
add_registered_user)
from forms import (RegistrationForm,
LoginForm,
RegistrationCodeForm,
ExpireRegistrationCodeForm)
from register_new_matrix_user import register_new_user from register_new_matrix_user import register_new_user
csrf = CSRFProtect() csrf = CSRFProtect()
@ -82,6 +94,7 @@ def create_app():
app = create_app() app = create_app()
app.wsgi_app = ProxyFix(app.wsgi_app, num_proxies=1) app.wsgi_app = ProxyFix(app.wsgi_app, num_proxies=1)
limiter = Limiter(app, key_func=get_remote_address)
log.info("Bound reverse proxy wsgi app") log.info("Bound reverse proxy wsgi app")
@ -111,7 +124,8 @@ class User(UserMixin):
def is_safe_url(target): def is_safe_url(target):
ref_url = urlparse(request.host_url) ref_url = urlparse(request.host_url)
test_url = urlparse(urljoin(request.host_url, target)) test_url = urlparse(urljoin(request.host_url, target))
return test_url.scheme in ('http', 'https') and ref_url.netloc == test_url.netloc
return test_url.scheme in (
'http', 'https') and ref_url.netloc == test_url.netloc
def get_successful_registration_redirect(): def get_successful_registration_redirect():
@ -137,15 +151,18 @@ def index():
@app.route('/register', methods=('GET', 'POST')) @app.route('/register', methods=('GET', 'POST'))
@limiter.limit("2/minute")
def registration(): def registration():
form = RegistrationForm() form = RegistrationForm()
if form.validate_on_submit(): if form.validate_on_submit():
if app.config.get("MATRIX_HOMESERVER") is None: if app.config.get("MATRIX_HOMESERVER") is None:
flash("Matrix Homeserver Currently Unavailable. Please Try Again Later!")
flash(
"Matrix Homeserver Currently Unavailable. Please Try Again Later!")
return render_template('register.html', form=form) return render_template('register.html', form=form)
else: else:
if app.config.get("MATRIX_SHARED_SECRET") is None: if app.config.get("MATRIX_SHARED_SECRET") is None:
flash("Registration Configuration Is Invalid. Contact Administrator!")
flash(
"Registration Configuration Is Invalid. Contact Administrator!")
return render_template('register.html', form=form) return render_template('register.html', form=form)
else: else:
response = register_new_user( response = register_new_user(
@ -216,6 +233,7 @@ def admin_expire_registration_code():
@app.route('/admin/login', methods=('GET', 'POST')) @app.route('/admin/login', methods=('GET', 'POST'))
@limiter.limit("2/minute")
def admin_login(): def admin_login():
form = LoginForm() form = LoginForm()
if form.validate_on_submit(): if form.validate_on_submit():
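Review bot: The limiter keys on `get_remote_address` (line 55), which reads `request.remote_addr`, and after `ProxyFix(app.wsgi_app, num_proxies=1)` on the line above that is whatever the first proxy put in `X-Forwarded-For`; this only identifies a client while every request really arrives through that one trusted proxy, and clients sharing one proxy or NAT address all share the same 2/minute budget, so a comment on the `Limiter(...)` line such as `# keyed on the proxied client IP: correct only behind the single trusted proxy ProxyFix is configured for` would record that assumption. No `storage_uri` is given either, so flask-limiter falls back to in-process memory storage (it logs a warning to that effect), which means the counter is per worker process and resets on restart; if the app runs under several workers the effective limit is a multiple of 2/minute, and a shared backend should be configured if the limit is meant to be enforced. The `@limiter.limit("2/minute")` decorators at lines 67 and 86 also count the GET that renders the form, so a user who loads `/register` and then submits once is already at the limit and a second attempt after a validation error is refused; if that is not intended, restricting the limit to submissions with `@limiter.limit("2/minute", methods=["POST"])` (supported by the flask-limiter 1.x API, to be confirmed against the pinned 1.0.1) keeps the form itself reachable. Both `registration()` and `admin_login()` continue outside the hunk.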

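--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,6 @@
 flask==1.0.2
 flask-wtf==0.14
 flask-login==0.4.1
+flask-limiter==1.0.1
 requests==2.21.0
 safe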