Fixed ratelimits
Didn't really do anything with cronjobs
This commit is contained in:
parent
ec48876e44
commit
3a9515c885
4 changed files with 28 additions and 13 deletions
|
@ -1,5 +1,5 @@
|
|||
from core.classes.cron import Cronjob
|
||||
from core.helpers.auth import clear_login_log
|
||||
from core.helpers.auth import clear_login_log, clear_ratelimits
|
||||
|
||||
CRONDEFINITIONS = []
|
||||
CRONFUNCTIONS = {}
|
||||
|
@ -20,3 +20,10 @@ loginlog_cron = Cronjob("core.clear_login_log", "* * * * *")
|
|||
|
||||
CRONFUNCTIONS["core.clear_login_log"] = clear_login_log
|
||||
CRONDEFINITIONS.append(loginlog_cron)
|
||||
|
||||
### Remove old entries from the rate limit table
|
||||
|
||||
ratelimit_cron = Cronjob("core.clear_ratelimits", "* * * * *")
|
||||
|
||||
CRONFUNCTIONS["core.clear_ratelimits"] = clear_ratelimits
|
||||
CRONDEFINITIONS.append(ratelimit_cron)
|
|
@ -25,3 +25,7 @@ def login_success(request, user):
|
|||
def clear_login_log(maxage=int(getValue("core.auth.ratelimit.period", 600))):
|
||||
timestamp = timezone.now() - timezone.timedelta(seconds=maxage)
|
||||
LoginLog.objects.filter(timestamp__lt=timestamp).delete()
|
||||
|
||||
def clear_ratelimits(maxage=int(getValue("core.auth.ratelimit.block", 3600))):
|
||||
timestamp = timezone.now() - timezone.timedelta(seconds=maxage)
|
||||
LoginLog.objects.filter(timestamp__lt=timestamp).delete()
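Review bot: `clear_ratelimits` deletes from `LoginLog`, the same table `clear_login_log` already prunes three lines above, so nothing in this commit ever removes rows from the rate-limit table that the new cron definition advertises it cleans (`### Remove old entries from the rate limit table`); with a 3600 s cutoff it is also a strict subset of the 600 s deletion above, i.e. effectively a no-op. The view code elsewhere in this commit keys blocks on `IPLimit.end`, so the body presumably should be `IPLimit.objects.filter(end__lt=timezone.now()).delete()` — confirm `IPLimit` is importable in this helper module. The `maxage=int(getValue(...))` default is evaluated once at import time, so a changed `core.auth.ratelimit.block` setting only takes effect after a restart; a `maxage=None` default resolved inside the body avoids that (the same applies to the existing `clear_login_log`).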
|
|
@ -6,7 +6,6 @@ logger = get_task_logger(__name__)
|
|||
@task(name="cron")
|
||||
def process_crons():
|
||||
from core.modules.cron import crondefinitions
|
||||
|
||||
for definition in crondefinitions:
|
||||
if definition.is_due and not definition.is_running:
|
||||
definition.run()
|
||||
|
@ -17,6 +16,7 @@ def run_cron(name, *args, **kwargs):
|
|||
from core.modules.cron import cronfunctions
|
||||
|
||||
log = CronLog.objects.create(task=name)
|
||||
|
||||
try:
|
||||
output = cronfunctions[name]()
|
||||
if output:
|
||||
|
@ -25,3 +25,4 @@ def run_cron(name, *args, **kwargs):
|
|||
logger.error(f"[{name}] {str(e)}")
|
||||
log.locked = False
|
||||
log.save()
|
||||
|
||||
|
|
|
@ -19,23 +19,26 @@ class RateLimitedView(TemplateView):
|
|||
template_name = f"{settings.EXPEPHALON_BACKEND}/auth/ratelimit.html"
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not IPLimit.objects.filter(ip=get_client_ip(request)):
|
||||
return redirect("login")
|
||||
for iplimit in list(IPLimit.objects.filter(ip=get_client_ip(request))):
|
||||
if iplimit.end >= timezone.now():
|
||||
messages.error(request, f"Sorry, there have been to many failed login attempts from your IP. Please try again after {str(iplimit.end)}, or contact support if you need help getting into your account.")
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
return redirect("login")
|
||||
|
||||
class AuthView(FormView):
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
limits = list(IPLimit.objects.filter(ip=get_client_ip(request)))
|
||||
if not limits:
|
||||
period = timezone.now() - timezone.timedelta(seconds=int(getValue("core.auth.ratelimit.period", 600)))
|
||||
failures = LoginLog.objects.filter(ip=get_client_ip(request), success=False, timestamp__gte=period)
|
||||
if len(failures) >= int(getValue("core.auth.ratelimit.attempts", 5)):
|
||||
limits.append(IPLimit.objects.create(ip=get_client_ip(request)))
|
||||
|
||||
for limit in limits:
|
||||
if limit.end > timezone.now():
|
||||
messages.error(request, f"Sorry, there have been to many failed login attempts from your IP. Please try again after {str(limit.end)}, or contact support if you need help getting into your account.")
|
||||
return redirect("ratelimited")
|
||||
|
||||
period = timezone.now() - timezone.timedelta(seconds=int(getValue("core.auth.ratelimit.period", 600)))
|
||||
failures = LoginLog.objects.filter(ip=get_client_ip(request), success=False, timestamp__gte=period)
|
||||
if len(failures) >= int(getValue("core.auth.ratelimit.attempts", 5)):
|
||||
IPLimit.objects.create(ip=get_client_ip(request))
|
||||
return redirect("ratelimited")
|
||||
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
class LoginView(AuthView):
|
||||
|
|
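Review bot: In the lines that appear to be the new `AuthView.dispatch` body, `limits = list(IPLimit.objects.filter(ip=get_client_ip(request)))` also returns expired blocks, so once an IP has been blocked once `if not limits:` is false on every later request and the failed-attempt count is never re-evaluated for that IP; the expired row is only skipped by the `limit.end > timezone.now()` loop, which means the limit is silently disabled after its first expiry unless something else deletes the `IPLimit` row. Restricting the query to active blocks fixes this in one line: `limits = list(IPLimit.objects.filter(ip=get_client_ip(request), end__gt=timezone.now()))`. Separately, `len(failures)` materialises every matching `LoginLog` row just to compare a count, where `failures.count()` is the idiomatic form, and `get_client_ip(request)` is evaluated three times in the same method and could be bound once to a local. Which of the two `dispatch` bodies is old and which is new is not recoverable from the rendered page, so this is written against the `AuthView` version.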