mirror of
https://github.com/simple-login/app.git
synced 2024-11-16 17:08:30 +01:00
a9549c11d7
* Rate limiting depending on user authenticated status * Update app/extensions.py Co-authored-by: Adrià Casajús <acasajus@users.noreply.github.com> * Add rate_limiting tests Co-authored-by: Adrià Casajús <acasajus@users.noreply.github.com>
28 lines
803 B
Python
28 lines
803 B
Python
from flask_limiter import Limiter
|
|
from flask_limiter.util import get_remote_address
|
|
from flask_login import current_user, LoginManager
|
|
|
|
login_manager = LoginManager()
|
|
login_manager.session_protection = "strong"
|
|
|
|
|
|
# We want to rate limit based on:
|
|
# - If the user is not logged in: request source IP
|
|
# - If the user is logged in: user_id
|
|
def __key_func():
|
|
if current_user.is_authenticated:
|
|
return f"userid:{current_user.id}"
|
|
else:
|
|
ip_addr = get_remote_address()
|
|
return f"ip:{ip_addr}"
|
|
|
|
|
|
# Setup rate limit facility
|
|
limiter = Limiter(key_func=__key_func)
|
|
|
|
# @limiter.request_filter
|
|
# def ip_whitelist():
|
|
# # Uncomment line to test rate limit in dev environment
|
|
# # return False
|
|
# # No limit for local development
|
|
# return request.remote_addr == "127.0.0.1"
|