author | Matthew Lemon <y@yulqen.org> | 2024-12-08 21:18:23 +0000 |
---|---|---|
committer | Matthew Lemon <y@yulqen.org> | 2024-12-08 21:18:23 +0000 |
commit | d3dda8c0bd194c28cf11c189c150c00bdc3e8a83 (patch) | |
tree | 28a656ea58e1420cc0da024eeadcc6ff1b30f234 | |
parent | 411e79ada3d5bf315000ff5bb598235118d50b51 (diff) |
wip: working on ratelimit - not quite working in the browser
-rw-r--r-- | alphabetlearning/payments/views.py | 2 | ||||
-rw-r--r-- | config/settings/base.py | 7 | ||||
-rw-r--r-- | config/settings/local.py | 12 | ||||
-rw-r--r-- | config/settings/production.py | 3 | ||||
-rw-r--r-- | pyproject.toml | 1 | ||||
-rw-r--r-- | uv.lock | 11 |
6 files changed, 30 insertions, 6 deletions
diff --git a/alphabetlearning/payments/views.py b/alphabetlearning/payments/views.py
index 7f13e81..2be5344 100644
--- a/alphabetlearning/payments/views.py
+++ b/alphabetlearning/payments/views.py
@@ -15,6 +15,7 @@ from django.views import View
 from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import DeleteView
 from django.views.generic import TemplateView
+from django_ratelimit.decorators import ratelimit
 from alphabetlearning.payments.models import EmailSignup
 from alphabetlearning.payments.models import EmailVerification
@@ -57,6 +58,7 @@ class SuccessEmailSignupView(TemplateView):
 return context
+@ratelimit(key="ip", rate="2/m", block=True)
 def email_signup_verification(request):
 if request.method == "POST":
 form = EmailVerificationForm(request.POST)
diff --git a/config/settings/base.py b/config/settings/base.py
index 9c6183c..157926b 100644
--- a/config/settings/base.py
+++ b/config/settings/base.py
@@ -359,3 +359,10 @@ AWS_S3_ENDPOINT_URL = env("SPACES_ENDPOINT_URL")
 MAILGUN_API_KEY = env("MAILGUN_API_KEY")
 MAILGUN_SENDER_DOMAIN = env("MAILGUN_SENDER_DOMAIN")
 MAILGUN_API_URL = env("MAILGUN_API_URL", default="https://api.eu.mailgun.net/v3")
+
+CACHES = {
+ "default": {
+ "BACKEND": "django.core.cache.backends.db.DatabaseCache",
+ "LOCATION": "rate_limit_cache",
+ },
+}
diff --git a/config/settings/local.py b/config/settings/local.py
index b9eb50b..e95cbb9 100644
--- a/config/settings/local.py
+++ b/config/settings/local.py
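Review bot: The `@ratelimit` decorator added above `email_signup_verification` in `alphabetlearning/payments/views.py` leaves `method` at its default, so GET requests for the form count against the `2/m` budget as well as POSTs, and loading the page then submitting once can already exhaust it. Limiting only the submissions would be `@ratelimit(key="ip", rate="2/m", method="POST", block=True)`. `key="ip"` is taken from `REMOTE_ADDR`, and the proxy settings added to `config/settings/production.py` in this commit suggest a reverse proxy sits in front of the app, in which case every visitor would presumably share the proxy's address and therefore one bucket. A `header:`-style key on a header the proxy itself overwrites, or a callable key, would restore per-client limiting. The function body continues outside the hunk.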
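Review bot: The `CACHES["default"]` block added at the end of `config/settings/base.py` backs the rate limiter with `DatabaseCache`, which only works once `manage.py createcachetable` has created the `rate_limit_cache` table, and which, as far as I recall from django-ratelimit's documentation, is not a supported backend because its increment is not atomic, so concurrent requests can be undercounted. Because it is the `default` alias in base settings, it also becomes the cache for everything else in the project unless a later settings file overrides it. `django-redis` already appears among the locked dependencies, so a dedicated Redis-backed alias selected with `RATELIMIT_USE_CACHE` would avoid both problems. Whichever backend is kept, a comment above the block such as `# Shared cache for django-ratelimit counters` would record why it is here.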
@@ -19,12 +19,12 @@ ALLOWED_HOSTS = ["localhost", "0.0.0.0", "127.0.0.1"] # noqa: S104 # CACHES # ------------------------------------------------------------------------------ # https://docs.djangoproject.com/en/dev/ref/settings/#caches -CACHES = { - "default": { - "BACKEND": "django.core.cache.backends.locmem.LocMemCache", - "LOCATION": "", - }, -} +# CACHES = { +# "default": { +# "BACKEND": "django.core.cache.backends.locmem.LocMemCache", +# "LOCATION": "", +# }, +# } # EMAIL # ------------------------------------------------------------------------------ diff --git a/config/settings/production.py b/config/settings/production.py index cfd7d78..374be33 100644 --- a/config/settings/production.py +++ b/config/settings/production.py @@ -230,3 +230,6 @@ LOGGING = { MAILGUN_API_KEY = env("MAILGUN_API_KEY") MAILGUN_SENDER_DOMAIN = env("MAILGUN_DOMAIN") MAILGUN_API_URL = env("MAILGUN_API_URL", default="https://api.eu.mailgun.net/v3") + +USE_X_FORWARDED_HOST = True +SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") diff --git a/pyproject.toml b/pyproject.toml index 6c89c9b..b2d4262 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -55,6 +55,7 @@ dependencies = [ # https://github.com/samuelcolvin/watchfiles "stripe==11.1.0", "django-stubs[compatible-mypy]>=5.0.4", + "django-ratelimit==4.1.0" ] [tool.uv] # https://docs.astral.sh/uv/concepts/dependencies/#development-dependencies dev-dependencies = [ @@ -17,6 +17,7 @@ dependencies = [ { name = "django-crispy-forms" }, { name = "django-environ" }, { name = "django-model-utils" }, + { name = "django-ratelimit" }, { name = "django-redis" }, { name = "django-storages" }, { name = "django-stubs", extra = ["compatible-mypy"] }, 
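Review bot: In `config/settings/local.py` the old `LocMemCache` block is left behind as six commented-out lines rather than removed, which hides the fact that local development now inherits the database cache from `config/settings/base.py`. Deleting the commented lines and leaving one line under the `# CACHES` heading, for example `# CACHES is inherited from base.py (DatabaseCache); run createcachetable locally`, states the intent without dead code. Since the commit message says the limiter is not yet working in the browser, the missing cache table in the local database is one thing worth checking.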
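Review bot: `USE_X_FORWARDED_HOST = True` and `SECURE_PROXY_SSL_HEADER`, added at the end of `config/settings/production.py`, make Django accept `X-Forwarded-Host` and `X-Forwarded-Proto` from any request. That is only sound if the proxy in front of the app strips or overwrites both headers and the app server cannot be reached directly. Neither assumption is visible in this hunk, so it should be written down next to the two lines, e.g. `# Trusted only because <proxy> overwrites X-Forwarded-Host/-Proto; app port must not be exposed`. Without that guarantee a client-supplied header can influence `request.get_host()` (still subject to `ALLOWED_HOSTS`) and `request.is_secure()`.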
@@ -64,6 +65,7 @@ requires-dist = [ { name = "django-crispy-forms", specifier = "==2.1" }, { name = "django-environ", specifier = "==0.11.2" }, { name = "django-model-utils", specifier = "==4.5.1" }, + { name = "django-ratelimit", specifier = "==4.1.0" }, { name = "django-redis", specifier = "==5.4.0" }, { name = "django-storages", specifier = "==1.14.3" }, { name = "django-stubs", extras = ["compatible-mypy"], specifier = ">=5.0.4" }, @@ -529,6 +531,15 @@ wheels = [ ] [[package]] +name = "django-ratelimit" +version = "4.1.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/6f/8f/94038fe739b095aca3e4708ecc8a4e77f1fcfd87bed5d6baff43d4c80bc4/django-ratelimit-4.1.0.tar.gz", hash = "sha256:555943b283045b917ad59f196829530d63be2a39adb72788d985b90c81ba808b", size = 11551 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/fb/78/2c59b30cd8bc8068d02349acb6aeed5c4e05eb01cdf2107ccd76f2e81487/django_ratelimit-4.1.0-py2.py3-none-any.whl", hash = "sha256:d047a31cf94d83ef1465d7543ca66c6fc16695559b5f8d814d1b51df15110b92", size = 11608 }, +] + +[[package]] name = "django-redis" version = "5.4.0" source = { registry = "https://pypi.org/simple" } |