Fixed ratelimits

Didn't really do anything with cronjobs
This commit is contained in:
Kumi 2020-05-24 19:22:17 +02:00
parent ec48876e44
commit 3a9515c885
4 changed files with 28 additions and 13 deletions


@ -1,5 +1,5 @@
from core.classes.cron import Cronjob
from core.helpers.auth import clear_login_log
from core.helpers.auth import clear_login_log, clear_ratelimits
CRONDEFINITIONS = []
CRONFUNCTIONS = {}
@ -20,3 +20,10 @@ loginlog_cron = Cronjob("core.clear_login_log", "* * * * *")
CRONFUNCTIONS["core.clear_login_log"] = clear_login_log
CRONDEFINITIONS.append(loginlog_cron)
### Remove old entries from the rate limit table
ratelimit_cron = Cronjob("core.clear_ratelimits", "* * * * *")
CRONFUNCTIONS["core.clear_ratelimits"] = clear_ratelimits
CRONDEFINITIONS.append(ratelimit_cron)


@ -25,3 +25,7 @@ def login_success(request, user):
def clear_login_log(maxage=int(getValue("core.auth.ratelimit.period", 600))):
timestamp = timezone.now() - timezone.timedelta(seconds=maxage)
LoginLog.objects.filter(timestamp__lt=timestamp).delete()
def clear_ratelimits(maxage=int(getValue("core.auth.ratelimit.block", 3600))):
timestamp = timezone.now() - timezone.timedelta(seconds=maxage)
LoginLog.objects.filter(timestamp__lt=timestamp).delete()
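Review bot: The new `clear_ratelimits` deletes from `LoginLog`, the same table `clear_login_log` two lines above already purges, so with the defaults shown (period 600 s, block 3600 s) it can never find a row the first job has not already removed and the `IPLimit` table the cron definition comment describes as "the rate limit table" is never cleaned. Given the `IPLimit.end` field used by the views, the body should presumably be `IPLimit.objects.filter(end__lt=timezone.now()).delete()`, importing `IPLimit` into this module if it is not already in scope; the `maxage` parameter is then unused and can be dropped or kept for interface symmetry. Note also that, like the existing function, the default argument `int(getValue("core.auth.ratelimit.block", 3600))` is evaluated once at import time, so a later change to the setting only takes effect after a restart; a short comment saying so would help the next reader.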


@ -6,7 +6,6 @@ logger = get_task_logger(__name__)
@task(name="cron")
def process_crons():
from core.modules.cron import crondefinitions
for definition in crondefinitions:
if definition.is_due and not definition.is_running:
definition.run()
@ -17,6 +16,7 @@ def run_cron(name, *args, **kwargs):
from core.modules.cron import cronfunctions
log = CronLog.objects.create(task=name)
try:
output = cronfunctions[name]()
if output:
@ -25,3 +25,4 @@ def run_cron(name, *args, **kwargs):
logger.error(f"[{name}] {str(e)}")
log.locked = False
log.save()


@ -19,23 +19,26 @@ class RateLimitedView(TemplateView):
template_name = f"{settings.EXPEPHALON_BACKEND}/auth/ratelimit.html"
def dispatch(self, request, *args, **kwargs):
if not IPLimit.objects.filter(ip=get_client_ip(request)):
return redirect("login")
for iplimit in list(IPLimit.objects.filter(ip=get_client_ip(request))):
if iplimit.end >= timezone.now():
messages.error(request, f"Sorry, there have been to many failed login attempts from your IP. Please try again after {str(iplimit.end)}, or contact support if you need help getting into your account.")
return super().dispatch(request, *args, **kwargs)
return redirect("login")
class AuthView(FormView):
def dispatch(self, request, *args, **kwargs):
limits = list(IPLimit.objects.filter(ip=get_client_ip(request)))
if not limits:
period = timezone.now() - timezone.timedelta(seconds=int(getValue("core.auth.ratelimit.period", 600)))
failures = LoginLog.objects.filter(ip=get_client_ip(request), success=False, timestamp__gte=period)
if len(failures) >= int(getValue("core.auth.ratelimit.attempts", 5)):
limits.append(IPLimit.objects.create(ip=get_client_ip(request)))
for limit in limits:
if limit.end > timezone.now():
messages.error(request, f"Sorry, there have been to many failed login attempts from your IP. Please try again after {str(limit.end)}, or contact support if you need help getting into your account.")
return redirect("ratelimited")
period = timezone.now() - timezone.timedelta(seconds=int(getValue("core.auth.ratelimit.period", 600)))
failures = LoginLog.objects.filter(ip=get_client_ip(request), success=False, timestamp__gte=period)
if len(failures) >= int(getValue("core.auth.ratelimit.attempts", 5)):
IPLimit.objects.create(ip=get_client_ip(request))
return redirect("ratelimited")
return super().dispatch(request, *args, **kwargs)
class LoginView(AuthView):
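Review bot: If `limits = list(IPLimit.objects.filter(ip=get_client_ip(request)))` followed by `if not limits:` is the new side of `AuthView.dispatch`, the failure count is only checked while no `IPLimit` row exists for the address; since nothing in this commit deletes expired rows, once a first block has lapsed `limits` stays non-empty, the `for` loop finds no entry with `end > timezone.now()`, and the request falls through to `super().dispatch()` no matter how many further failures are logged, so the limit silently fails open after its first use. Restricting the query to active entries fixes this, e.g. `limits = list(IPLimit.objects.filter(ip=get_client_ip(request), end__gt=timezone.now()))`, after which the inner `if limit.end > timezone.now()` becomes redundant; `failures.count()` would also avoid loading every `LoginLog` row just to compare `len(failures)`. The user-facing message repeated in both `dispatch` methods reads "to many" for "too many" and would be better as one module-level constant. Because the whole mechanism keys on `get_client_ip(request)`, it is worth confirming outside this hunk that the helper does not take the address from a client-supplied forwarding header when the app is not behind a trusted proxy.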