Mailu/core/admin/mailu/limiter.py

import limits
import limits.storage
import limits.strategies
import ipaddress

class RateLimitExceeded(Exception):
    pass

class Limiter:

    def __init__(self):
        self.storage = None
        self.limiter = None
        self.rate = None
        self.subnet = None
        self.rate_limit_subnet = True

    def init_app(self, app):
        self.storage = limits.storage.storage_from_string(app.config["RATELIMIT_STORAGE_URL"])
        self.limiter = limits.strategies.MovingWindowRateLimiter(self.storage)
        self.rate = limits.parse(app.config["AUTH_RATELIMIT"])
        self.rate_limit_subnet = str(app.config["AUTH_RATELIMIT_SUBNET"])!='False'
        self.subnet = ipaddress.ip_network(app.config["SUBNET"])

    def check(self,clientip):
        # disable limits for internal requests (e.g. from webmail)?
        if rate_limit_subnet==False and ipaddress.ip_address(clientip) in self.subnet:
            return
        if not self.limiter.test(self.rate,"client-ip",clientip):
            raise RateLimitExceeded()

    def hit(self,clientip):
        # disable limits for internal requests (e.g. from webmail)?
        if rate_limit_subnet==False and ipaddress.ip_address(clientip) in self.subnet:
            return
        self.limiter.hit(self.rate,"client-ip",clientip)
Limiter implementation 2019-12-06 10:35:21 +02:00			`import limits`
			`import limits.storage`
			`import limits.strategies`
			`import ipaddress`

			`class RateLimitExceeded(Exception):`
			`pass`

			`class Limiter:`

			`def __init__(self):`
			`self.storage = None`
			`self.limiter = None`
			`self.rate = None`
			`self.subnet = None`
Make rate limit for subnet (webmail) configurable 2019-12-16 19:46:17 +02:00			`self.rate_limit_subnet = True`
Limiter implementation 2019-12-06 10:35:21 +02:00
			`def init_app(self, app):`
			`self.storage = limits.storage.storage_from_string(app.config["RATELIMIT_STORAGE_URL"])`
			`self.limiter = limits.strategies.MovingWindowRateLimiter(self.storage)`
			`self.rate = limits.parse(app.config["AUTH_RATELIMIT"])`
Make rate limit for subnet (webmail) configurable 2019-12-16 19:46:17 +02:00			`self.rate_limit_subnet = str(app.config["AUTH_RATELIMIT_SUBNET"])!='False'`
Limiter implementation 2019-12-06 10:35:21 +02:00			`self.subnet = ipaddress.ip_network(app.config["SUBNET"])`

			`def check(self,clientip):`
Make rate limit for subnet (webmail) configurable 2019-12-16 19:46:17 +02:00			`# disable limits for internal requests (e.g. from webmail)?`
			`if rate_limit_subnet==False and ipaddress.ip_address(clientip) in self.subnet:`
			`return`
Limiter implementation 2019-12-06 10:35:21 +02:00			`if not self.limiter.test(self.rate,"client-ip",clientip):`
			`raise RateLimitExceeded()`

			`def hit(self,clientip):`
Make rate limit for subnet (webmail) configurable 2019-12-16 19:46:17 +02:00			`# disable limits for internal requests (e.g. from webmail)?`
			`if rate_limit_subnet==False and ipaddress.ip_address(clientip) in self.subnet:`
			`return`
Don't raise rate limit exception on hit(), only on check() 2019-12-16 19:47:21 +02:00			`self.limiter.hit(self.rate,"client-ip",clientip)`