2738: Make ratelimit exemptions less generous r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Make ratelimit exemptions less generous, as discussed on #mailu-dev

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
bors[bot] 2023-04-04 12:17:27 +00:00 committed by GitHub
commit d66ddb0f3e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -13,14 +13,15 @@ def nginx_authentication():
"""
client_ip = flask.request.headers["Client-Ip"]
headers = flask.request.headers
if headers["Auth-Port"] == '25' and headers['Auth-Method'] != 'none':
is_port_25 = headers["Auth-Port"] == '25'
if is_port_25 and headers['Auth-Method'] != 'none':
response = flask.Response()
response.headers['Auth-Status'] = 'AUTH not supported'
response.headers['Auth-Error-Code'] = '502 5.5.1'
utils.limiter.rate_limit_ip(client_ip)
return response
is_from_webmail = headers['Auth-Port'] in ['10143', '10025']
if not is_from_webmail and utils.limiter.should_rate_limit_ip(client_ip):
if not is_from_webmail and not is_port_25 and utils.limiter.should_rate_limit_ip(client_ip):
status, code = nginx.get_status(flask.request.headers['Auth-Protocol'], 'ratelimit')
response = flask.Response()
response.headers['Auth-Status'] = status
@ -46,6 +47,8 @@ def nginx_authentication():
return response
is_valid_user = True
if headers.get("Auth-Status") == "OK":
# successful email delivery isn't enough to warrant an exemption
if not is_port_25:
utils.limiter.exempt_ip_from_ratelimits(client_ip)
elif is_valid_user:
utils.limiter.rate_limit_user(username, client_ip, password=response.headers.get('Auth-Password', None))
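Review bot: The `not is_port_25` term added to the `should_rate_limit_ip` condition carries no explanation, unlike the exemption change in the second hunk, and the interplay is not obvious: the earlier branch still calls `rate_limit_ip(client_ip)` for AUTH attempts on port 25, but that counter is now only ever consulted for requests on other ports. I would add a comment above the condition such as `# port 25 (unauthenticated delivery) is never blocked here; hits recorded above only count against the other ports`, assuming that is the intent discussed on #mailu-dev. Both this bypass and `is_from_webmail` are decided from the `Auth-Port` request header, so the handler depends on this endpoint being reachable only from the front proxy; that is not visible in these hunks and is worth confirming. `nginx_authentication` starts and ends outside the hunks shown.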