From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 3 Mar 2026 16:56:36 +0000 (+0000)
Subject: ratelimiter: Change limit for the entire class after auth
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=de9ca30a00b0c2322a12aa5b7c8bc9717021cbbf;p=dbl.git

ratelimiter: Change limit for the entire class after auth

We are accessing the limit variables outside of this function, so we
will have to reset limit. This is slightly annoying, but we cannot
perform any authentication checks in __init__().

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/dbl/ratelimiter.py b/src/dbl/ratelimiter.py
index 9201561..173aac0 100644
--- a/src/dbl/ratelimiter.py
+++ b/src/dbl/ratelimiter.py
@@ -132,8 +132,6 @@ class RateLimiterRequest(object):
 		"""
 			Returns True if the request is prohibited by the rate limiter
 		"""
-		limit = self.limit
-
 		# Fetch the API key
 		if self.api_key:
 			# Fetch the API key
@@ -148,16 +146,13 @@ class RateLimiterRequest(object):
 				# If authenticated users have a different limit set,
 				# we change the checked limit to that
 				if self.auth_limit:
-					limit = self.auth_limit
+					self.limit = self.auth_limit
 
 		# Fetch the number of past requests
 		self.requests = await self.get_requests()
 
-		# Assert that some limit has been set
-		assert limit
-
 		# The client is rate-limited when more requests have been received than allowed
-		if self.requests >= limit:
+		if self.requests >= self.limit:
 			return True
 
 		# Increment the request counter