YunoHost/dynette
1
0
Fork 0
mirror of https://github.com/YunoHost/dynette.git synced 2024-09-03 20:06:17 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add limit exemption for trusted IPs

Browse source
This commit is contained in:
Alexandre Aubin 2023-09-28 16:38:10 +02:00
parent 00ae15a9bc
commit f698677e73
1 changed files with 10 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
app.py
View file

@ -10,11 +10,14 @@ from flask_limiter import Limiter
from flask_limiter.util import get_remote_address from flask_limiter.util import get_remote_address
from werkzeug.middleware.proxy_fix import ProxyFix from werkzeug.middleware.proxy_fix import ProxyFix
DOMAIN_REGEX = re.compile( DOMAIN_REGEX = re.compile(
r"^([a-z0-9]{1}([a-z0-9\-]*[a-z0-9])*)(\.[a-z0-9]{1}([a-z0-9\-]*[a-z0-9])*)*(\.[a-z]{1}([a-z0-9\-]*[a-z0-9])*)$" r"^([a-z0-9]{1}([a-z0-9\-]*[a-z0-9])*)(\.[a-z0-9]{1}([a-z0-9\-]*[a-z0-9])*)*(\.[a-z]{1}([a-z0-9\-]*[a-z0-9])*)$"
) )
def trusted_ip():
# This is for example the CI, or developers testing new developments
return request.environ.get("HTTP_X_FORWARDED_HOST") in app.config.get("LIMIT_EXEMPTED_IPS", [])
app = Flask(__name__) app = Flask(__name__)
app.config.from_file("config.yml", load=yaml.safe_load) app.config.from_file("config.yml", load=yaml.safe_load)
# cf. https://flask-limiter.readthedocs.io/en/stable/recipes.html#deploying-an-application-behind-a-proxy # cf. https://flask-limiter.readthedocs.io/en/stable/recipes.html#deploying-an-application-behind-a-proxy
@ -27,6 +30,8 @@ limiter = Limiter(
storage_uri="redis://localhost:6379", storage_uri="redis://localhost:6379",
storage_options={"socket_connect_timeout": 30}, storage_options={"socket_connect_timeout": 30},
strategy="fixed-window", # or "moving-window" strategy="fixed-window", # or "moving-window"
application_limits_exempt_when=trusted_ip,
default_limits_exempt_when=trusted_ip,
) )
assert os.path.isdir( assert os.path.isdir(
@ -64,7 +69,7 @@ def domains():
@app.route("/test/<domain>") @app.route("/test/<domain>")
@limiter.limit("50 per hour") @limiter.limit("50 per hour", exempt_when=trusted_ip)
def availability(domain): def availability(domain):
error = _validate_domain(domain) error = _validate_domain(domain)
@ -78,7 +83,7 @@ def availability(domain):
@app.route("/key/<key>", methods=["POST"]) @app.route("/key/<key>", methods=["POST"])
@limiter.limit("5 per hour") @limiter.limit("5 per hour", exempt_when=trusted_ip)
def register(key): def register(key):
try: try:
@ -126,7 +131,7 @@ def register(key):
@app.route("/domains/<subdomain>", methods=["DELETE"]) @app.route("/domains/<subdomain>", methods=["DELETE"])
@limiter.limit("5 per hour") @limiter.limit("5 per hour", exempt_when=trusted_ip)
def delete_using_recovery_password_or_key(subdomain): def delete_using_recovery_password_or_key(subdomain):
try: try:
@ -176,7 +181,7 @@ def delete_using_recovery_password_or_key(subdomain):
@app.route("/domains/<subdomain>/recovery_password", methods=["PUT"]) @app.route("/domains/<subdomain>/recovery_password", methods=["PUT"])
@limiter.limit("5 per hour") @limiter.limit("5 per hour", exempt_when=trusted_ip)
def set_recovery_password_using_key(subdomain): def set_recovery_password_using_key(subdomain):
try: try: