add limiter for random alias creation
parent
a570a426d4
commit
92acf352b6
|
@ -23,7 +23,7 @@ from app.models import (
|
||||||
AliasMailbox,
|
AliasMailbox,
|
||||||
DomainDeletedAlias,
|
DomainDeletedAlias,
|
||||||
)
|
)
|
||||||
from app.utils import convert_to_id, random_word, word_exist
|
from app.utils import random_word, word_exist
|
||||||
|
|
||||||
signer = TimestampSigner(CUSTOM_ALIAS_SECRET)
|
signer = TimestampSigner(CUSTOM_ALIAS_SECRET)
|
||||||
|
|
||||||
|
|
|
@ -6,9 +6,9 @@ from sqlalchemy.orm import joinedload
|
||||||
|
|
||||||
from app import alias_utils
|
from app import alias_utils
|
||||||
from app.api.serializer import get_alias_infos_with_pagination_v3
|
from app.api.serializer import get_alias_infos_with_pagination_v3
|
||||||
from app.config import PAGE_LIMIT
|
from app.config import PAGE_LIMIT, ALIAS_LIMIT
|
||||||
from app.dashboard.base import dashboard_bp
|
from app.dashboard.base import dashboard_bp
|
||||||
from app.extensions import db
|
from app.extensions import db, limiter
|
||||||
from app.log import LOG
|
from app.log import LOG
|
||||||
from app.models import (
|
from app.models import (
|
||||||
Alias,
|
Alias,
|
||||||
|
@ -51,6 +51,11 @@ def get_stats(user: User) -> Stats:
|
||||||
|
|
||||||
|
|
||||||
@dashboard_bp.route("/", methods=["GET", "POST"])
|
@dashboard_bp.route("/", methods=["GET", "POST"])
|
||||||
|
@limiter.limit(
|
||||||
|
ALIAS_LIMIT,
|
||||||
|
methods=["POST"],
|
||||||
|
exempt_when=lambda: request.form.get("form-name") != "create-random-email",
|
||||||
|
)
|
||||||
@login_required
|
@login_required
|
||||||
def index():
|
def index():
|
||||||
query = request.args.get("query") or ""
|
query = request.args.get("query") or ""
|
||||||
|
@ -91,7 +96,7 @@ def index():
|
||||||
|
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
|
|
||||||
LOG.d("generate new email %s for user %s", alias, current_user)
|
LOG.d("create new random alias %s for user %s", alias, current_user)
|
||||||
flash(f"Alias {alias.email} has been created", "success")
|
flash(f"Alias {alias.email} has been created", "success")
|
||||||
|
|
||||||
return redirect(
|
return redirect(
|
||||||
|
|
|
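Review bot: The `@limiter.limit(...)` decorator added above `@login_required` on `index()` passes no `key_func`, so the bucket is keyed by whatever default the shared `limiter` from `app.extensions` was built with, which is not visible on this page. If that default is the client address, the cap is per IP rather than per account: users behind one NAT share a budget, and a single account reaching the form from several addresses is not held to `ALIAS_LIMIT`. Because the limiter wraps `login_required`, the limit is also evaluated before authentication, so unauthenticated POSTs carrying `form-name=create-random-email` draw from the same bucket. Consider keying on the account, e.g. `key_func=lambda: current_user.id if current_user.is_authenticated else get_remote_address()` (with `get_remote_address` imported from `flask_limiter.util`). The body of `index()` continues outside these hunks, and other alias-creation paths are not shown here, so it is worth confirming they carry an equivalent limit.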
@ -0,0 +1,39 @@
|
||||||
|
from flask import url_for, g
|
||||||
|
|
||||||
|
from app.models import (
|
||||||
|
Alias,
|
||||||
|
)
|
||||||
|
from tests.utils import login
|
||||||
|
|
||||||
|
|
||||||
|
def test_create_random_alias_success(flask_client):
|
||||||
|
login(flask_client)
|
||||||
|
assert Alias.query.count() == 1
|
||||||
|
|
||||||
|
r = flask_client.post(
|
||||||
|
url_for("dashboard.index"),
|
||||||
|
data={"form-name": "create-random-email"},
|
||||||
|
follow_redirects=True,
|
||||||
|
)
|
||||||
|
assert r.status_code == 200
|
||||||
|
assert Alias.query.count() == 2
|
||||||
|
|
||||||
|
|
||||||
|
def test_too_many_requests(flask_client):
|
||||||
|
login(flask_client)
|
||||||
|
|
||||||
|
# can't create more than 5 aliases in 1 minute
|
||||||
|
for i in range(7):
|
||||||
|
r = flask_client.post(
|
||||||
|
url_for("dashboard.index"),
|
||||||
|
data={"form-name": "create-random-email"},
|
||||||
|
follow_redirects=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
# to make flask-limiter work with unit test
|
||||||
|
# https://github.com/alisaifee/flask-limiter/issues/147#issuecomment-642683820
|
||||||
|
g._rate_limiting_complete = False
|
||||||
|
else:
|
||||||
|
# last request
|
||||||
|
assert r.status_code == 429
|
||||||
|
assert "Whoa, slow down there, pardner!" in str(r.data)
|
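Review bot: `test_too_many_requests` asserts only on the final response in the `for ... else`, so it would still pass if throttled requests had created aliases before the 429 was returned, or if the limit tripped earlier than intended. After the loop, pin the side effect as well, e.g. `assert Alias.query.count() == 6` (one pre-existing alias plus five allowed, assuming the 5-per-minute value stated in the comment matches `ALIAS_LIMIT`, which is not visible here). The loop count `7` and the comment both hard-code that value, so deriving them from the configured limit would keep the test from silently going stale. `g._rate_limiting_complete = False` resets a private flask-limiter attribute; a short comment naming the flask-limiter version this workaround was verified against would help when the dependency is upgraded.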