Make the caller responsible to know whether the rate-limit code should
be called or not
master
Florent Daigniere 3 years ago
parent 3453d12ccb
commit 7f89a29790

@ -31,6 +31,7 @@ def nginx_authentication():
for key, value in headers.items():
response.headers[key] = str(value)
is_valid_user = False
is_from_webmail = headers['Auth-Port'] in ['10143', '10025']
if response.headers.get("Auth-User-Exists"):
username = response.headers["Auth-User"]
if utils.limiter.should_rate_limit_user(username, client_ip):
@ -47,7 +48,7 @@ def nginx_authentication():
utils.limiter.exempt_ip_from_ratelimits(client_ip)
elif is_valid_user:
utils.limiter.rate_limit_user(username, client_ip)
else:
elif not is_from_webmail:
utils.limiter.rate_limit_ip(client_ip)
return response

@ -53,7 +53,6 @@ class LimitWraperFactory(object):
return is_rate_limited
def rate_limit_ip(self, ip):
if ip != app.config['WEBMAIL_ADDRESS']:
limiter = self.get_limiter(app.config["AUTH_RATELIMIT_IP"], 'auth-ip')
client_network = utils.extract_network_from_ip(ip)
if self.is_subject_to_rate_limits(ip):

Loading…
Cancel
Save