def check_device_id_num(): try: if request.view_args['id_number'] != None: return request.view_args['id_number'] else: return get_remote_address() except: return get_remote_address()
def get(): print(get_remote_address()) icon_path = os.path.join(app.root_path, "static/images") mimetype = "image/vnd.microsoft.icon" icon_name = "favicon.ico" return send_from_directory(icon_path, icon_name, mimetype=mimetype)
def _login_rate_limit() -> t.Tuple[str, str]: try: username = request.get_json()['username'].lower() except: # pylint: disable=bare-except username = '******' return (username, get_remote_address())
def get(self): # feeds get large need to force some cleanup gc.collect() if get_remote_address() != request.access_route[-1]: return jsonify_unauth() if not HTTPD_TOKEN: return jsonify_success() remote = ROUTER_ADDR if current_app.config.get('CIF_ROUTER_ADDR'): remote = current_app.config['CIF_ROUTER_ADDR'] try: r = Client(remote, HTTPD_TOKEN).ping() r = Client(remote, HTTPD_TOKEN).indicators_search({'indicator': 'example.com', 'nolog': '1'}) r = True except TimeoutError: return jsonify_unknown(msg='timeout', code=408) except AuthError: return jsonify_unauth() if not r: return jsonify_unknown(503) return jsonify_success()
def get(self): dbm.sqla.session.add(dbm.PredictReqs(sha1(get_remote_address().encode()).hexdigest(), session.get("act_id"), session.get("session_id"), session['file_hash'], session.get("req_start_t"), datetime.now(), session.get('error'), self.response, session.get("ext_ver"))) dbm.sqla.session.commit() if self.response is not None: self.response['session_id'] = session.get("session_id") return {'response': self.response, 'error': self.error}
def limiter_key_func() -> str: """The Flask-Limiter key function. We delimit by remote address if the user isn't logged in, otherwise we delimit by their current user id number.""" if current_user.is_anonymous: return get_remote_address() else: return str(current_user.id)
def ratelimit_handler(e): return make_response( jsonify( error=str(e), method=request.method, path=request.path, remote_addr=get_remote_address() ), 429)
def limit_exceeded(err): ''' Rate limit message''' remote_ip = get_remote_address() logger.error('IP {} exceeded rate limit' 'with request {} {}'.format(remote_ip, request.method, request.path)) return make_response('Rate limit exceeded!', 429)
def vote_limiter(request): content = request.get_json(silent=True) if ((u'b' in content) and (u'c' in content)): down = False if (u'downvote' in content): down = content.get('downvote') c = content.get('c') b = content.get('b') return (get_remote_address() + b + c + str(down))
def download(): filename = request.form.get('file_name') url = request.form.get('download_url') if not (url and filename): return jsonify({'message': 'Illegal input fields'}) temp_link = download_file(url, filename) send_email(message='Generated file_link: %s' % temp_link, ip_address=get_remote_address()) return jsonify({'file_link': temp_link})
def make_limiter(app): limiter = Limiter( app, key_func=lambda: current_user.id if hasattr(current_user, "id") else get_remote_address(), default_limits=["1000 per day", "30 per minute"], ) limiter.enabled = QuerybookSettings.PRODUCTION for handler in app.logger.handlers: limiter.logger.addHandler(handler) return limiter
def load_user(user_id): #put it here to prevent recursive import with models.py from server.api.models import User user = User.query.get_or_404(user_id) # FIXME: works, but not able to redirect frontend page to 403, only output 403 in console if user.banned: return None #update last active timestamp user.timestamp = datetime.utcnow() #update ip address user.ip_addr = get_remote_address() #print("----remote address: ", get_remote_address()) db.session.commit() return user
def add_log(operation, description): """ :param operation 操作 :param description 描述 :return: None """ try: log = MisOperationLog(administrator_id=g.administrator_id, ip=get_remote_address(), operation=operation, description=description) db.session.add(log) db.session.commit() except Exception: db.session.rollback() current_app.logger.error(traceback.format_exc()) raise ValueError('db error.')
def login(): if current_user.is_authenticated: return redirect(url_for('main.home')) form = LoginForm() if form.validate_on_submit(): user = User.query.filter_by(email=form.email.data).first() if user and bcrypt.check_password_hash(user.password, escape(form.password.data)): login_user(user, remember=form.remember.data, duration=timedelta(days=30)) user.last_login_at = datetime.now() user.last_login_ip = get_remote_address() user.active = True db.session.commit() next_page = request.args.get('next') return redirect(next_page) if next_page else redirect(url_for('main.home')) else: flash('Login Unsuccessful. Please check email and password.','error') session.permanent = True return render_template('login.html', title='Login', form=form)
def scope_func(endpoint_name): """ Returns the key with which to track the user's requests for the purposes of ratelimiting """ # If the request is oauth-authenticated, return email:client if hasattr(request, 'oauth') and request.oauth.client: return "{email}:{client}".format( email=request.oauth.user.email, client=request.oauth.client.client_id, ) # Check if we have a user authenticated via a session cookie elif hasattr(current_user, 'email') and \ 'BOOTSTRAP_USER_EMAIL' in current_app.config and \ current_user.email != current_app.config['BOOTSTRAP_USER_EMAIL']: return "{email}".format(email=current_user.email) # If request doesn't have oauth-identifying information, fall back to # the request's IP address. else: return get_remote_address()
def scope_func(endpoint_name): """ Returns the key with which to track the user's requests for the purposes of ratelimiting """ # If the request is oauth-authenticated, return email:client if hasattr(request, 'oauth') and request.oauth.client: return "{email}:{client}".format( email=request.oauth.user.email, client=request.oauth.client.client_id, ) # Check if we have a user authenticated via a session cookie elif hasattr(current_user, 'email') and \ 'BOOTSTRAP_USER_EMAIL' in current_app.config and \ current_user.email != current_app.config['BOOTSTRAP_USER_EMAIL']: return "{email}".format(email=current_user.email) # If request doesn't have oauth-identifying information, fall back to # the request's IP address. else: return get_remote_address()
def userip(self, request): return str(util.get_remote_address())
def clientIpFilter() -> str: clientIp = get_remote_address() clientIpHeader = request.headers.getlist("X-Forwarded-For") print('Remote IP: {} or {}'.format(clientIp, clientIpHeader)) return clientIpHeader
def exemptFuction(): currentIP = get_remote_address() if currentIP in exemptedIPs: return True return False
def get_identifier(): if current_user.is_authenticated: return current_user.username return get_remote_address()
def index(): print(get_remote_address()) return render_template('index.jinja')
def proxy_get_remote_address(): if HTTPD_PROXY in ['1', 1]: return request.access_route[-1] return get_remote_address()
def generate_limit_key(): """Generate key for request rate limiting.""" # use authenticated user if specified, otherwise use ip by default if limit_by == 'user' and flask.g.get('user') is not None: return flask.g.get('user') return util.get_remote_address()
def before(): current_app.logger.info("Handling " + request.method + " Request for endpoint " + request.path + " from API user '" + get_api_user_id() + "' from address " + util.get_remote_address()) pass
def limiter_filter(): dont_filter = get_remote_address() in (current_app.config.get('WHITE_LIST') or ()) if not current_app.config['DEBUG'] or dont_filter: return True
def limiter_key_func(): from flask_login import current_user if hasattr(current_user, "id"): return current_user.id return get_remote_address()
def get_form_email_or_ip(): return request.form.get('email', get_remote_address())
@app.route('/index2') @limiter.limit("100/day;10/hour;1/minute") # 与index()同功效 def index2(): return jsonify({'response': 'Are we rated limited?'}) @app.route('/index3') @limiter.exempt def index3(): return jsonify({'response': 'We are not rate limited'}) @app.route("/expensive") # exempt_when=callable 当满足给定条件时,可以免除限制 @limiter.limit("1/day", exempt_when=lambda: get_remote_address() == "172.16.4.120") def expensive_route(): return jsonify({'response': 'you are wellcome!'}) # 多个路由应共享速率限制的情况(例如,访问有限速率的相同资源保护路由时) mysql_limit = limiter.shared_limit("2/hour", scope="mysql_flag") # 3) "LIMITER/172.16.4.120/mysql_flag/2/1/hour" @app.route('/index4') @mysql_limit def index4(): return jsonify({'response': 'mysql_limit'})
def proxy_get_remote_address(): if HTTPD_PROXY in ['1', 1]: return request.access_route[-1] return get_remote_address()
def get_request_ip(): return request.headers.get('X-Real-Ip') or get_remote_address()
from flask_cors import CORS from flask_compress import Compress from flaskr.db.connect_db import connect from flaskr.utils.helpers import compareJSONdate, convertJST from bson.json_util import dumps as json from json import dumps from flask_limiter import Limiter from flask_limiter.util import get_remote_address app = Flask(__name__) app.config["COMPRESS_ALGORITHM"] = "br" # rate limiter for everyone excluding AnimeAndromeda and localhost (for testing) limiter = Limiter(app, key_func=lambda: "" if get_remote_address() == "127.0.0.1" or get_remote_address( ) == "76.76.21.21" else get_remote_address(), default_limits=["25 per minute"]) BASE_URL = "/api/v2/anime/" client = connect() db = client["andromeda_dev"] db_report = client["andromeda"] collection = db["anime_docs"] report_collection = db_report["reports"] # Access-Control-Allow-Origin: * CORS(app) # Use brotli compression Compress(app)