external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(rpc): enforce ratelimiting

Browse source 
New configuration options:

- `[ratelimit] cache`
    - A boolean indicating whether we should use configured cache (1)
      or database (0) for ratelimiting.

Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit is contained in:
Kevin Morris 2021-10-21 10:17:34 -07:00
parent 6662975005
commit 65240c8343
No known key found for this signature in database
GPG key ID: F7E46DED420788F3
5 changed files with 280 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
aurweb/routers/rpc.py
View file

@ -1,9 +1,11 @@
from http import HTTPStatus
from typing import List, Optional
from urllib.parse import unquote
from fastapi import APIRouter, Query, Request
from fastapi.responses import JSONResponse
from aurweb.ratelimit import check_ratelimit
from aurweb.rpc import RPC
router = APIRouter()
@ -64,6 +66,11 @@ async def rpc(request: Request,
# Create a handle to our RPC class.
rpc = RPC(version=v, type=type)
# If ratelimit was exceeded, return a 429 Too Many Requests.
if check_ratelimit(request):
return JSONResponse(rpc.error("Rate limit reached"),
status_code=int(HTTPStatus.TOO_MANY_REQUESTS))
# Prepare list of arguments for input. If 'arg' was given, it'll
# be a list with one element.
arguments = parse_args(request)