add limiter for random alias creation
This commit is contained in:
parent
a570a426d4
commit
92acf352b6
|
@ -23,7 +23,7 @@ from app.models import (
|
|||
AliasMailbox,
|
||||
DomainDeletedAlias,
|
||||
)
|
||||
from app.utils import convert_to_id, random_word, word_exist
|
||||
from app.utils import random_word, word_exist
|
||||
|
||||
signer = TimestampSigner(CUSTOM_ALIAS_SECRET)
|
||||
|
||||
|
|
|
@ -6,9 +6,9 @@ from sqlalchemy.orm import joinedload
|
|||
|
||||
from app import alias_utils
|
||||
from app.api.serializer import get_alias_infos_with_pagination_v3
|
||||
from app.config import PAGE_LIMIT
|
||||
from app.config import PAGE_LIMIT, ALIAS_LIMIT
|
||||
from app.dashboard.base import dashboard_bp
|
||||
from app.extensions import db
|
||||
from app.extensions import db, limiter
|
||||
from app.log import LOG
|
||||
from app.models import (
|
||||
Alias,
|
||||
|
@ -51,6 +51,11 @@ def get_stats(user: User) -> Stats:
|
|||
|
||||
|
||||
@dashboard_bp.route("/", methods=["GET", "POST"])
|
||||
@limiter.limit(
|
||||
ALIAS_LIMIT,
|
||||
methods=["POST"],
|
||||
exempt_when=lambda: request.form.get("form-name") != "create-random-email",
|
||||
)
|
||||
@login_required
|
||||
def index():
|
||||
query = request.args.get("query") or ""
|
||||
|
@ -91,7 +96,7 @@ def index():
|
|||
|
||||
db.session.commit()
|
||||
|
||||
LOG.d("generate new email %s for user %s", alias, current_user)
|
||||
LOG.d("create new random alias %s for user %s", alias, current_user)
|
||||
flash(f"Alias {alias.email} has been created", "success")
|
||||
|
||||
return redirect(
|
||||
|
|
|
@ -0,0 +1,39 @@
|
|||
from flask import url_for, g
|
||||
|
||||
from app.models import (
|
||||
Alias,
|
||||
)
|
||||
from tests.utils import login
|
||||
|
||||
|
||||
def test_create_random_alias_success(flask_client):
|
||||
login(flask_client)
|
||||
assert Alias.query.count() == 1
|
||||
|
||||
r = flask_client.post(
|
||||
url_for("dashboard.index"),
|
||||
data={"form-name": "create-random-email"},
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert r.status_code == 200
|
||||
assert Alias.query.count() == 2
|
||||
|
||||
|
||||
def test_too_many_requests(flask_client):
|
||||
login(flask_client)
|
||||
|
||||
# can't create more than 5 aliases in 1 minute
|
||||
for i in range(7):
|
||||
r = flask_client.post(
|
||||
url_for("dashboard.index"),
|
||||
data={"form-name": "create-random-email"},
|
||||
follow_redirects=True,
|
||||
)
|
||||
|
||||
# to make flask-limiter work with unit test
|
||||
# https://github.com/alisaifee/flask-limiter/issues/147#issuecomment-642683820
|
||||
g._rate_limiting_complete = False
|
||||
else:
|
||||
# last request
|
||||
assert r.status_code == 429
|
||||
assert "Whoa, slow down there, pardner!" in str(r.data)
|
Loading…
Reference in New Issue