From 884a31dfdb4a050fd555ae24f984c2d479539992 Mon Sep 17 00:00:00 2001
From: Minecon724
Date: Wed, 2 Apr 2025 16:42:11 +0200
Subject: [PATCH] Fix admin ratelimit
---
 src/anonchat/routes.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/anonchat/routes.py b/src/anonchat/routes.py
index 4b6f606..4617450 100644
--- a/src/anonchat/routes.py
+++ b/src/anonchat/routes.py
@@ -10,11 +10,14 @@ import hashlib
 import json
 from datetime import datetime
+def is_admin():
+ return 'admin_authenticated' in session and session['admin_authenticated']
+
 # Admin authentication middleware
 def admin_required(f):
 @wraps(f)
 def decorated_function(*args, **kwargs):
- if 'admin_authenticated' not in session or not session['admin_authenticated']:
+ if not is_admin():
 return redirect(url_for('admin_login', next=request.url))
 return f(*args, **kwargs)
 return decorated_function
@@ -136,10 +139,9 @@ def admin_login():
 return render_template('admin_login.html')
 @app.route('/admin', methods=['POST'])
-@limiter.limit("1 per minute")
+@limiter.limit("1 per minute", deduct_when=lambda response: not is_admin())
 @limiter.limit("10 per hour")
 def admin_login_post():
- error = None
 username = request.form.get('username')
 password = request.form.get('password')
@@ -157,7 +159,7 @@ def admin_login_post():
 return redirect(next_page)
 return redirect(url_for('admin_dashboard'))
 else:
- flash('Invalid username or password', 'error')
+ flash('Invalid username or password. Try again in 1 minute.', 'error')
 return redirect(url_for('admin_login'))
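Review bot: `is_admin()` returns whatever object is stored under `session['admin_authenticated']` rather than a boolean, so the `deduct_when` predicate and `admin_required` both act on the raw session value; `return bool(session.get('admin_authenticated', False))` is the same check with one lookup and a pinned return type. It is now the single authorization gate for every admin route, so a short docstring stating that it consults only the server-side session flag is worth adding, e.g. `"""Return True when the current session carries the admin_authenticated flag."""`.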
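Review bot: Only the `1 per minute` limit receives `deduct_when=lambda response: not is_admin()`; the `10 per hour` limit directly below it still charges every request, successful logins included, so if the intent of this commit is to count only failed attempts it needs the same predicate: `@limiter.limit("10 per hour", deduct_when=lambda response: not is_admin())`. The predicate is evaluated after the view returns, so it relies on `admin_login_post` having set `session['admin_authenticated']` on the success path before returning — that assignment, like the rest of the function body, is outside this hunk and should be confirmed. Whether the limits are applied per client or shared depends on the limiter's key function, which is not visible here; a shared key would let one client's failures lock out the legitimate admin, so it is worth checking.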
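Review bot: The new flash text hard-codes "1 minute", duplicating the `"1 per minute"` string in the `@limiter.limit` decorator of the previous hunk; if either is edited alone the message goes stale. A module-level constant such as `ADMIN_LOGIN_LIMIT = "1 per minute"` used by the decorator, with the user-facing hint derived from or kept next to it, keeps the two in step. The `else:` branch belongs to `admin_login_post`, whose body starts and ends outside this hunk.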