diff --git a/src/synapse_registration/registration/templates/registration/ratelimit.html b/src/synapse_registration/registration/templates/registration/ratelimit.html
new file mode 100644
index 0000000..8b8e4dc
--- /dev/null
+++ b/src/synapse_registration/registration/templates/registration/ratelimit.html
@@ -0,0 +1,9 @@
+{% extends "base.html" %}
+{% block title %}
+ Hold Your Horses
+{% endblock title %}
+{% block content %}
+
+ You cannot start additional registrations at this time.
+
+{% endblock content %} diff --git a/src/synapse_registration/registration/views.py b/src/synapse_registration/registration/views.py index 5f9936e..80c48be 100644 --- a/src/synapse_registration/registration/views.py +++ b/src/synapse_registration/registration/views.py @@ -3,10 +3,14 @@ from django.shortcuts import render, redirect, get_object_or_404 from django.urls import reverse_lazy from django.core.mail import send_mail from django.conf import settings + from .forms import UsernameForm, EmailForm, RegistrationForm from .models import UserRegistration + import requests + from secrets import token_urlsafe +from datetime import datetime, timedelta class LandingPageView(TemplateView): @@ -51,13 +55,22 @@ class EmailInputView(FormView): ) return self.form_invalid(form) - token = token_urlsafe(32) - if not settings.TRUST_PROXY: ip_address = self.request.META.get("REMOTE_ADDR") else: ip_address = self.request.META.get("HTTP_X_FORWARDED_FOR") + if ( + UserRegistration.objects.filter( + ip_address=ip_address, + timestamp__gte=datetime.now() - timedelta(hours=24), + ).count() + >= 5 + ): + return render(self.request, "registration/ratelimit.html", status=429) + + token = token_urlsafe(32) + UserRegistration.objects.create( username=self.request.session["username"], email=email,
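Review bot: The 24-hour window in the new `if (` block of EmailInputView is computed with the naive `datetime.now()` that the import hunk brings in; if the project runs with `USE_TZ = True` (not visible here), comparing it against an aware `timestamp` column triggers Django's naive-datetime warning and shifts the window by the server's UTC offset, so `from django.utils import timezone` and `timestamp__gte=timezone.now() - timedelta(hours=24)` is the safer form (the `datetime` name in the import line then becomes unused). The limit also keys on `ip_address`, which in the `TRUST_PROXY` branch of the context lines is the raw `HTTP_X_FORWARDED_FOR` value; that header is client-supplied and may hold a comma-separated chain unless the proxy overwrites it, so the new check should key on the hop the trusted proxy itself appends, otherwise a client can vary the header and the count never reaches 5. The threshold `5` and `hours=24` would read better as named settings with defaults, e.g. `settings.REGISTRATION_RATE_LIMIT` and `settings.REGISTRATION_RATE_WINDOW_HOURS`, and the 429 response could carry a `Retry-After` header. The check-then-create sequence is not atomic, so a burst of concurrent requests can exceed the limit slightly; acceptable for a registration throttle, but worth a one-line comment. The enclosing method of EmailInputView starts and ends outside the hunk.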