misc: allow multiple rates in tracking code throttling (#35393)

2019-08-13 18:08:54 +02:00 · 2019-08-13 18:08:54 +02:00 · cc5b11b513
parent 32f304fd51
commit cc5b11b513
1 changed files with 11 additions and 10 deletions
--- a/wcs/forms/root.py
+++ b/wcs/forms/root.py
@ -150,16 +150,17 @@ class TrackingCodeDirectory(Directory):
        return r.getvalue()

    def load(self):
-        rate_limit = get_publisher().get_site_option('rate-limit') or '3/s'
-        if rate_limit != 'none':
-            ratelimited = ratelimit.utils.is_ratelimited(
-                    request=get_request().django_request,
-                    group='trackingcode',
-                    key='ip',
-                    rate=rate_limit,
-                    increment=True)
-            if ratelimited:
-                raise errors.AccessForbiddenError('rate limit reached')
+        rate_limit_option = get_publisher().get_site_option('rate-limit') or '3/s 1500/d'
+        if rate_limit_option != 'none':
+            for rate_limit in rate_limit_option.split():
+                ratelimited = ratelimit.utils.is_ratelimited(
+                        request=get_request().django_request,
+                        group='trackingcode',
+                        key='ip',
+                        rate=rate_limit,
+                        increment=True)
+                if ratelimited:
+                    raise errors.AccessForbiddenError('rate limit reached (%s)' % rate_limit)
        try:
            tracking_code = get_publisher().tracking_code_class.get(self.code)
            if tracking_code.formdata_id is None: