app-MAIL-temp/app/extensions.py

from flask_limiter import Limiter
from flask_limiter.util import get_remote_address
from flask_login import current_user, LoginManager

login_manager = LoginManager()
login_manager.session_protection = "strong"


# We want to rate limit based on:
# - If the user is not logged in: request source IP
# - If the user is logged in: user_id
def __key_func():
    if current_user.is_authenticated:
        return f"userid:{current_user.id}"
    else:
        ip_addr = get_remote_address()
        return f"ip:{ip_addr}"


# Setup rate limit facility
limiter = Limiter(key_func=__key_func)

# @limiter.request_filter
# def ip_whitelist():
#     # Uncomment line to test rate limit in dev environment
#     # return False
#     # No limit for local development
#     return request.remote_addr == "127.0.0.1"
Implement rate limiting 2020-05-24 16:14:48 +02:00			`from flask_limiter import Limiter`
			`from flask_limiter.util import get_remote_address`
Rate limiting depending on user authenticated status (#1221) * Rate limiting depending on user authenticated status * Update app/extensions.py Co-authored-by: Adrià Casajús <acasajus@users.noreply.github.com> * Add rate_limiting tests Co-authored-by: Adrià Casajús <acasajus@users.noreply.github.com> 2022-08-09 14:57:21 +02:00			`from flask_login import current_user, LoginManager`
bootstrap: db models, login, logout, dashboard pages 2019-07-01 17:18:12 +02:00
			`login_manager = LoginManager()`
Set samesite and secure attributes of session cookie. Enable strong session protection. 2020-05-09 14:13:37 +02:00			`login_manager.session_protection = "strong"`
Implement rate limiting 2020-05-24 16:14:48 +02:00

Rate limiting depending on user authenticated status (#1221) * Rate limiting depending on user authenticated status * Update app/extensions.py Co-authored-by: Adrià Casajús <acasajus@users.noreply.github.com> * Add rate_limiting tests Co-authored-by: Adrià Casajús <acasajus@users.noreply.github.com> 2022-08-09 14:57:21 +02:00			`# We want to rate limit based on:`
			`# - If the user is not logged in: request source IP`
			`# - If the user is logged in: user_id`
			`def __key_func():`
			`if current_user.is_authenticated:`
			`return f"userid:{current_user.id}"`
			`else:`
			`ip_addr = get_remote_address()`
			`return f"ip:{ip_addr}"`


			`# Setup rate limit facility`
			`limiter = Limiter(key_func=__key_func)`
Implement rate limiting 2020-05-24 16:14:48 +02:00
set rate limit for creating alias endpoint 2021-03-24 16:26:42 +01:00			`# @limiter.request_filter`
			`# def ip_whitelist():`
			`# # Uncomment line to test rate limit in dev environment`
			`# # return False`
			`# # No limit for local development`
			`# return request.remote_addr == "127.0.0.1"`