From 53a15fe0ae0f81a5c653ff06cb6b78456247dd1b Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 19 Nov 2019 14:36:58 +0000
Subject: [PATCH] Adjust rate-limiting to take off load from memcache

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/web/auth.py   | 8 ++++----
 src/web/blog.py   | 1 +
 src/web/donate.py | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/web/auth.py b/src/web/auth.py
index bf7ab2dd..56f4b32f 100644
--- a/src/web/auth.py
+++ b/src/web/auth.py
@@ -45,7 +45,7 @@ class LoginHandler(AuthenticationMixin, base.BaseHandler):
 		self.render("auth/login.html", next=next,
 			incorrect=False, username=None)
 
-	@base.ratelimit(minutes=60, requests=5)
+	@base.ratelimit(minutes=15, requests=10)
 	def post(self):
 		username = self.get_argument("username")
 		password = self.get_argument("password")
@@ -89,7 +89,7 @@ class RegisterHandler(base.BaseHandler):
 
 		self.render("auth/register.html")
 
-	@base.ratelimit(minutes=24*60, requests=5)
+	@base.ratelimit(minutes=15, requests=5)
 	async def post(self):
 		uid   = self.get_argument("uid")
 		email = self.get_argument("email")
@@ -149,7 +149,7 @@ class PasswordResetInitiationHandler(base.BaseHandler):
 
 		self.render("auth/password-reset-initiation.html", username=username)
 
-	@base.ratelimit(minutes=60, requests=5)
+	@base.ratelimit(minutes=15, requests=10)
 	def post(self):
 		username = self.get_argument("username")
 
@@ -193,7 +193,7 @@ class PasswordResetHandler(AuthenticationMixin, base.BaseHandler):
 
 
 class APICheckUID(base.APIHandler):
-	@base.ratelimit(minutes=10, requests=100)
+	@base.ratelimit(minutes=5, requests=100)
 	def get(self):
 		uid = self.get_argument("uid")
 		result = None
diff --git a/src/web/blog.py b/src/web/blog.py
index 375adfc3..13d414e5 100644
--- a/src/web/blog.py
+++ b/src/web/blog.py
@@ -119,6 +119,7 @@ class DraftsHandler(auth.CacheMixin, base.BaseHandler):
 
 
 class SearchHandler(auth.CacheMixin, base.BaseHandler):
+	@base.ratelimit(minutes=5, requests=25)
 	def get(self):
 		q = self.get_argument("q")
 
diff --git a/src/web/donate.py b/src/web/donate.py
index 21f8e81c..8812794b 100644
--- a/src/web/donate.py
+++ b/src/web/donate.py
@@ -37,7 +37,7 @@ class DonateHandler(base.BaseHandler):
 			country=country, first_name=first_name, last_name=last_name,
 			amount=amount, currency=currency, frequency=frequency)
 
-	@base.ratelimit(minutes=24*60, requests=5)
+	@base.ratelimit(minutes=15, requests=5)
 	async def post(self):
 		amount    = self.get_argument("amount")
 		currency  = self.get_argument("currency", "EUR")
-- 
2.47.3