packages: Limit viewing/downloading of files

This is all going into a single bucket so that we don't have a rate
limiter per path.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/web/packages.py b/src/web/packages.py
index 752d11a3d44cdb6863a8642a6768944692fe7926..b4be53daa67643874f42a3065ae1c169926f9f26 100644 (file)
--- a/src/web/packages.py
+++ b/src/web/packages.py
@@ -91,6 +91,7 @@ class ShowHandler(base.BaseHandler):
 
 
 class FileDownloadHandler(base.BaseHandler):
+       @base.ratelimit(limit=100, minutes=60, key="files")
        async def get(self, uuid, path):
                package = await self.backend.packages.get_by_uuid(uuid)
                if not package:
@@ -124,6 +125,7 @@ class FileDownloadHandler(base.BaseHandler):
 
 
 class FileViewHandler(base.BaseHandler):
+       @base.ratelimit(limit=100, minutes=60, key="files")
        async def get(self, uuid, path):
                package = await self.backend.packages.get_by_uuid(uuid)
                if not package: