Merge pull request #169 from dingedi/main

decrease counter if the user wait after the slowdown notice
This commit is contained in:
Piero Toffanin 2021-11-05 11:40:16 -04:00 committed by GitHub
commit 8b0e04c8d1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 2 deletions

View file

@ -25,6 +25,7 @@ def get_version():
except: except:
return "?" return "?"
def get_upload_dir(): def get_upload_dir():
upload_dir = os.path.join(tempfile.gettempdir(), "libretranslate-files-translate") upload_dir = os.path.join(tempfile.gettempdir(), "libretranslate-files-translate")
@ -33,6 +34,7 @@ def get_upload_dir():
return upload_dir return upload_dir
def get_req_api_key(): def get_req_api_key():
if request.is_json: if request.is_json:
json = get_json_dict(request) json = get_json_dict(request)
@ -42,6 +44,7 @@ def get_req_api_key():
return ak return ak
def get_json_dict(request): def get_json_dict(request):
d = request.get_json() d = request.get_json()
if not isinstance(d, dict): if not isinstance(d, dict):
@ -162,8 +165,13 @@ def create_app(args):
def access_check(f): def access_check(f):
@wraps(f) @wraps(f)
def func(*a, **kw): def func(*a, **kw):
if flood.is_banned(get_remote_address()): ip = get_remote_address()
if flood.is_banned(ip):
abort(403, description="Too many request limits violations") abort(403, description="Too many request limits violations")
else:
if flood.has_violation(ip):
flood.decrease(ip)
if args.api_keys and args.require_api_key_origin: if args.api_keys and args.require_api_key_origin:
ak = get_req_api_key() ak = get_req_api_key()
@ -621,7 +629,7 @@ def create_app(args):
""" """
if args.disable_files_translation: if args.disable_files_translation:
abort(400, description="Files translation are disabled on this server.") abort(400, description="Files translation are disabled on this server.")
filepath = os.path.join(get_upload_dir(), filename) filepath = os.path.join(get_upload_dir(), filename)
try: try:
checked_filepath = security.path_traversal_check(filepath, get_upload_dir()) checked_filepath = security.path_traversal_check(filepath, get_upload_dir())

View file

@ -33,6 +33,15 @@ def report(request_ip):
banned[request_ip] += 1 banned[request_ip] += 1
def decrease(request_ip):
if banned[request_ip] > 0:
banned[request_ip] -= 1
def has_violation(request_ip):
return request_ip in banned and banned[request_ip] > 0
def is_banned(request_ip): def is_banned(request_ip):
# More than X offences? # More than X offences?
return active and banned.get(request_ip, 0) >= threshold return active and banned.get(request_ip, 0) >= threshold