Deploy rate-limiting

[ipfire.org.git] / src / web / wiki.py

diff --git a/src/web/wiki.py b/src/web/wiki.py
index cfbef8c54766524ba72dbb92e324256e58505160..30077c075688c36eef9037172082b103eba5bb8a 100644 (file)
--- a/src/web/wiki.py
+++ b/src/web/wiki.py
@@ -67,6 +67,7 @@ class ActionEditHandler(auth.CacheMixin, base.BaseHandler):
 
 class ActionUploadHandler(auth.CacheMixin, base.BaseHandler):
        @tornado.web.authenticated
+       @base.ratelimit(minutes=60, requests=24)
        def post(self):
                path = self.get_argument("path")
 
@@ -92,6 +93,7 @@ class ActionUploadHandler(auth.CacheMixin, base.BaseHandler):
 
 class ActionWatchHandler(auth.CacheMixin, base.BaseHandler):
        @tornado.web.authenticated
+       @base.ratelimit(minutes=60, requests=180)
        def get(self, path, action):
                if path is None:
                        path = "/"
@@ -119,6 +121,7 @@ class ActionRenderHandler(auth.CacheMixin, base.BaseHandler):
                pass # disabled
 
        @tornado.web.authenticated
+       @base.ratelimit(minutes=5, requests=180)
        def post(self, path):
                if path is None:
                        path = "/"
@@ -262,6 +265,7 @@ class PageHandler(auth.CacheMixin, base.BaseHandler):
 
 class SearchHandler(auth.CacheMixin, base.BaseHandler):
        @base.blacklisted
+       @base.ratelimit(minutes=15, requests=10)
        def get(self):
                q = self.get_argument("q")