From a93c0b0b2a96957cf15266a0e3928f1fc74ed2d0 Mon Sep 17 00:00:00 2001
From: Tdxdxoz
Date: Sun, 16 Aug 2020 18:11:10 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E8=AE=BF=E9=97=AE=E9=A2=91?= =?UTF-8?q?=E7=8E=87=E9=99=90=E5=88=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ask.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/ask.py b/ask.py
index 89d6fb7..9f22fa4 100644
--- a/ask.py
+++ b/ask.py
@@ -1,5 +1,7 @@
 from flask import Flask, request, render_template, send_from_directory, abort, redirect
 from flask_sqlalchemy import SQLAlchemy
+from flask_limiter import Limiter
+from flask_limiter.util import get_remote_address
 from mastodon import Mastodon
 import re, random, string, datetime
 import html2text
@@ -19,6 +21,11 @@ th = Mastodon(
 app = Flask(__name__)
 app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///ask.db'
 app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
+limiter = Limiter(
+ app,
+ key_func=get_remote_address,
+ default_limits=["50 / minute"],
+)
 
 h2t = html2text.HTML2Text()
 h2t.ignore_links = True
@@ -67,6 +74,7 @@ def root():
 return app.send_static_file('ask.html')
 
 @app.route('/askMe/inbox', methods=['POST'])
+@limiter.limit("10 / minute")
 def set_inbox():
 acct = request.form.get('username')
 if not re.match('[a-z0-9_]{1,30}(@[a-z\.-_]+)?', acct):
@@ -115,6 +123,7 @@ def inbox(acct, secr):
 return render_template('inbox.html', acct=u.acct, disp=u.disp, url=u.url, avat=u.avat, qs=Question.query.filter_by(acct=acct).all())
 
 @app.route('/askMe///new', methods=['POST'])
+@limiter.limit("50 / hour; 1 / 2 second")
 def new_question(acct, secr):
 if not User.query.filter_by(acct=acct, secr=secr).first():
 abort(404)
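Review bot: `key_func=get_remote_address` keys every limit on `request.remote_addr`, so if ask.py is served behind a reverse proxy (not visible in this patch) all visitors share the proxy's address and the `50 / minute` default becomes one global bucket that a single client can exhaust for everyone. In that deployment, wrap the app with werkzeug's `ProxyFix` set to the exact number of trusted hops, e.g. `app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1)`, rather than reading `X-Forwarded-For` directly, since a client can set that header itself. No storage backend is passed to `Limiter(...)` either, so Flask-Limiter falls back to in-memory counters that reset on restart and are kept separately per worker process. A shared `storage_uri`, or at least a comment stating the single-process assumption, would make the effective limit explicit.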
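Review bot: The decorators added on `set_inbox` and on `new_question` count requests per client address only, so they bound what one address can send but not how much a single account's inbox receives in total. If the goal is to protect the recipient, add a second limit keyed on the target, e.g. on `new_question`: `@limiter.limit("<per-inbox rate>", key_func=lambda: request.view_args["acct"])`, with an equivalent on `set_inbox` keyed on the submitted `username`. Both function bodies continue outside their hunks, so whether they already cap per-account volume cannot be seen here. A one-line comment above each decorator stating which abuse the chosen rate is meant to stop would help whoever tunes these values later.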