Implement basic ratelimiting

Fix various css bugs
Fixes + Responsive layout down to 320px width + waifu drawing over file list + filename wrapping
2018-07-26 14:30:23 -07:00 · 2018-07-26 13:45:19 -07:00
5 changed files with 40 additions and 1 deletions
--- a/1
+++ b/1
@ -11,6 +11,7 @@ flask-sqlalchemy = "*"
 bcrypt = "*"
 flask-migrate = "*"
 click = "*"
+flask-limiter = "*"

 [dev-packages]

--- a/Pipfile.lock
+++ b/Pipfile.lock
@ -1,7 +1,7 @@
 {
    "_meta": {
        "hash": {
-            "sha256": "294652d06b03e0498836999c31a5a8e12c60ddb8074f2a5499604ab0f6abfb3b"
+            "sha256": "0d5dbb20521ef4c84be501e1e8244c768893c4b70ecf958bf657e9825c212d09"
        },
        "pipfile-spec": 6,
        "requires": {
@ -116,6 +116,13 @@
            "index": "pypi",
            "version": "==1.0.2"
        },
+        "flask-limiter": {
+            "hashes": [
+                "sha256:8cce98dcf25bf2ddbb824c2b503b4fc8e1a139154240fd2c60d9306bad8a0db8"
+            ],
+            "index": "pypi",
+            "version": "==1.0.1"
+        },
        "flask-login": {
            "hashes": [
                "sha256:c815c1ac7b3e35e2081685e389a665f2c74d7e077cb93cecabaea352da4752ec"
@ -160,6 +167,13 @@
            ],
            "version": "==2.10"
        },
+        "limits": {
+            "hashes": [
+                "sha256:9df578f4161017d79f5188609f1d65f6b639f8aad2914c3960c9252e56a0ff95",
+                "sha256:a017b8d9e9da6761f4574642149c337f8f540d4edfe573fb91ad2c4001a2bc76"
+            ],
+            "version": "==1.3"
+        },
        "mako": {
            "hashes": [
                "sha256:4e02fde57bd4abb5ec400181e4c314f56ac3e49ba4fb8b0d50bba18cb27d25ae"
--- a/notpiracyiswear.py
+++ b/notpiracyiswear.py
@ -2,6 +2,8 @@ from flask import Flask, render_template, flash, send_from_directory, redirect,
 from flask_sqlalchemy import SQLAlchemy
 from flask_migrate import Migrate
 from flask_login import LoginManager, current_user, login_user, logout_user, login_required
+from flask_limiter import Limiter
+import flask_limiter.util
 from operator import itemgetter
 import os

@ -23,6 +25,8 @@ login_manager.login_view = "login"
 def load_user(id):
    return User.query.get(id)

+limiter = Limiter(app, key_func=flask_limiter.util.get_ipaddr, headers_enabled=True)
+
@app.route('/')
 def index():
    if current_user.is_authenticated:
@ -31,6 +35,7 @@ def index():
        return redirect(url_for('login'))

@app.route('/login', methods=['GET', 'POST'])
+@limiter.limit("8/minute;1/second", exempt_when=lambda : request.method == 'GET')
 def login():
    if request.method == 'GET':
        if current_user.is_authenticated:
@ -60,6 +65,7 @@ def login():
            return redirect(request.path)

@app.route('/signup', methods=['GET', 'POST'])
+@limiter.limit("5/minute;1/second", exempt_when=lambda : request.method == 'GET')
 def signup():
    referal_key = request.args.get('referalkey')
    if not referal_key:
@ -99,6 +105,7 @@ def logout():
 #FIXME: make this functionality avalible in a settings/admin view
@app.route('/newreferal')
@login_required
+@limiter.limit("50/hour;2/second", key_func=lambda : current_user)
 def newreferal():
    referal = Referal(current_user)
    db.session.add(referal)
@ -147,5 +154,9 @@ def page_not_found(e):
 def internal_error(e):
    return render_template('500.html'), 500

+@app.errorhandler(429)
+def rate_limit(e):
+    return render_template('429.html', back=request.path), 429
+
 if __name__ == "__main__":
    app.run()
--- a/static/style.css
+++ b/static/style.css
@ -33,11 +33,13 @@ body {
  position: sticky;
  top: 0px;
  max-width: 600px;
+  min-width: 320px;
  display: flex;
  flex-direction: column;
  flex: auto;
  padding: 8px 16px;
  margin: auto;
+  box-sizing: border-box;
 }
 #contentarea > *:not(:last-child) {
  margin-top: 0px;
@ -141,6 +143,9 @@ button:active {

 .item-name {
  flex: auto;
+  min-width: 1%;
+  word-wrap: break-word;
+  padding-right: 8px;
 }
 .item-size {
  white-space: nowrap;
@ -205,6 +210,7 @@ button.nostyle {
  position: fixed;
  bottom: 0px;
  right: 0px;
+  z-index: -1;
  max-width: 30vw;
  max-height: 100vh;
 }
--- a/templates/429.html
+++ b/templates/429.html
@ -0,0 +1,7 @@
+{% extends 'error.html' %}
+{% block head %}
+  sTOP IT
+{% endblock %}
+{% block disc %}
+  Whoa buddy calm down, you're going too fast. Go drink some tea and then <a href="{{ back }}">try again.</a>
+{% endblock %}
Author	SHA1	Message	Date
Derek	333dbf9faa	Implement basic ratelimiting	2018-07-26 14:30:23 -07:00
Derek	d729ab8ef0	Fix various css bugs Fixes + Responsive layout down to 320px width + waifu drawing over file list + filename wrapping	2018-07-26 13:45:19 -07:00