Home Explore Help
Sign In
221V
/
flaskbb
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Update rate limit settings

sh4nks 9 years ago
parent
7497a218c8
commit
56e61f66a1
2 changed files with 17 additions and 9 deletions
Split View Show Diff Stats
  1. 4 2
      flaskbb/auth/views.py
  2. 13 7
      flaskbb/fixtures/settings.py

+ 4 - 2
flaskbb/auth/views.py
View File 

@@ -36,6 +36,8 @@ auth = Blueprint("auth", __name__)
 
 @auth.before_request
 
 def check_rate_limiting():
 
     """Check the the rate limits for each request for this blueprint."""
 
+    if not flaskbb_config["AUTH_RATELIMIT_ENABLED"]:
 
+        return None
 
     return limiter.check()
 
 
 
@@ -51,8 +53,8 @@ def login_rate_limit():
 
     """Dynamically load the rate limiting config from the database."""
 
     # [count] [per|/] [n (optional)] [second|minute|hour|day|month|year]
 
     return "{count}/{timeout}minutes".format(
 
-        count=flaskbb_config["LOGIN_ATTEMPTS"],
 
-        timeout=flaskbb_config["LOGIN_TIMEOUT"]
 
+        count=flaskbb_config["AUTH_REQUESTS"],
 
+        timeout=flaskbb_config["AUTH_TIMEOUT"]
 
     )

+ 13 - 7
flaskbb/fixtures/settings.py
View File 

@@ -83,22 +83,28 @@ fixture = (
 
                 'name':         "Enable Account Activation",
 
                 'description':  "Enable to let the user activate their account by sending a email with an activation link."
 
             }),
 
-            ('login_attempts', {
 
-                'value':        15,
 
+            ('auth_ratelimit_enabled', {
 
+                'value':        True,
 
+                'value_type':   "boolean",
 
+                'name':         "Enable Auth Rate Limiting",
 
+                'description':  "Enable rate limiting on 'auth' routes. This will limit the amount of requests per minute to a given amount and time.",
 
+            }),
 
+            ('auth_requests', {
 
+                'value':        20,
 
                 'value_type':   "integer",
 
                 'extra':        {'min': 1},
 
-                'name':         "Login Attempts",
 
-                'description':  "Number of requests on each 'auth' route before the user can try to access the route again.",
 
+                'name':         "Auth Requests",
 
+                'description':  "Number of requests on each 'auth' route before the user has to wait a given timeout until he can access the resource again.",
 
             }),
 
-            ('login_timeout', {
 
+            ('auth_timeout', {
 
                 'value':        15,
 
                 'value_type':   "integer",
 
                 'extra':        {'min': 0},
 
-                'name':         "Login Timeout",
 
+                'name':         "Auth Timeout",
 
                 'description':  "The timeout for how long the user has to wait until he can access the resource again (in minutes).",
 
             }),
 
             ('login_recaptcha', {
 
-                'value':        3,
 
+                'value':        5,
 
                 'value_type':   "integer",
 
                 'extra':        {'min': 0},
 
                 'name':         "Login reCAPTCHA",