예제 #1
0
def _update_hit_count(request, hitcount):
    '''
    Evaluates a request's Hit and corresponding HitCount object and,
    after a bit of clever logic, either ignores the request or registers
    a new Hit.

    This is NOT a view!  But should be used within a view ...

    Returns True if the request was considered a Hit; returns False if not.
    '''
    user = request.user
    session_key = request.session.session_key
    ip = get_ip(request)
    user_agent = request.META.get('HTTP_USER_AGENT', '')[:255]
    hits_per_ip_limit = getattr(settings, 'HITCOUNT_HITS_PER_IP_LIMIT', 0)
    exclude_user_group = getattr(settings, 
                            'HITCOUNT_EXCLUDE_USER_GROUP', None)

    # first, check our request against the blacklists before continuing
    if BlacklistIP.objects.filter(ip__exact=ip) or \
            BlacklistUserAgent.objects.filter(user_agent__exact=user_agent):
        return False

    # second, see if we are excluding a specific user group or not
    if exclude_user_group and user.is_authenticated():
        if user.groups.filter(name__in=exclude_user_group):
            return False

    #start with a fresh active query set (HITCOUNT_KEEP_HIT_ACTIVE )
    qs = Hit.objects.filter_active() 

    # check limit on hits from a unique ip address (HITCOUNT_HITS_PER_IP_LIMIT)
    if hits_per_ip_limit:
        if qs.filter(ip__exact=ip).count() > hits_per_ip_limit:
            return False

    # create a generic Hit object with request data
    hit = Hit(  session=session_key,
                hitcount=hitcount,
                ip=get_ip(request),
                user_agent=request.META.get('HTTP_USER_AGENT', '')[:255],)

    # first, use a user's authentication to see if they made an earlier hit
    if user.is_authenticated():
        if not qs.filter(user=user,hitcount=hitcount):
            hit.user = user #associate this hit with a user
            hit.save()
            return True

    # if not authenticated, see if we have a repeat session
    else:
        if not qs.filter(session=session_key,hitcount=hitcount):
            hit.save()

            # forces a save on this anonymous users session
            request.session.modified = True

            return True

    return False 
예제 #2
0
    def get(self, request, *args, **kwargs):
        response = super(PopularityMixin, self).get(request, *args, **kwargs)

        if self.count_hit is False:
            return response

        if hasattr(self, 'object') and isinstance(self.object, Model): # hey we got a model instance
            opts, u = self.object._meta, request.user
            
            if not request.session.session_key:
                request.session.save()

            try:
                is_authenticated = u.is_authenticated()
            except:
                is_authenticated = u.is_authenticated

            celery_update_hitcount.delay(
                session_key=request.session.session_key,
                ip_address=get_ip(request),
                user_agent=request.META.get('HTTP_USER_AGENT', '')[:255],
                user_id=u.pk if is_authenticated else None,
                app_label=opts.app_label,
                model=opts.model_name,
                object_id=self.object.id,
            )

        return response
예제 #3
0
    def update_hit_count(self, hitcount, request,
                         user_key = 'default'):
        '''
        Returns True if the request was considered a Hit; returns
        False if not.
        '''
        meta = request.META
        
        user = request.user
        session_key = request.session.session_key
        ip = get_ip(request)
        user_agent = meta.get('HTTP_USER_AGENT', '')[:255]
        referer = meta.get('HTTP_REFERER', '')[:511]
        hits_per_ip_limit = getattr(settings, 'HITCOUNT_HITS_PER_IP_LIMIT', 0)
        exclude_user_group = getattr(settings,
                                     'HITCOUNT_EXCLUDE_USER_GROUP', None)

        # first, check our request against the blacklists before continuing
        if BlacklistIP.objects.filter(ip__exact = ip) or \
                BlacklistUserAgent.objects.filter(user_agent__exact = user_agent):
            return False

        # second, see if we are excluding a specific user group or not
        if exclude_user_group and user.is_authenticated():
            if user.groups.filter(name__in = exclude_user_group):
                return False

        # start with a fresh active query set (HITCOUNT_KEEP_HIT_ACTIVE )
        qs = Hit.objects.filter_active()

        # check limit on hits from a unique ip address (HITCOUNT_HITS_PER_IP_LIMIT)
        if hits_per_ip_limit:
            if qs.filter(ip = ip).count() > hits_per_ip_limit:
                return False

        # create a generic Hit object with request data
        hit = Hit(session = session_key,
                  hitcount = hitcount,
                  ip = ip,
                  user_agent = user_agent,
                  referer = referer,
                  user_key = user_key)

        # first, use a user's authentication to see if they made an earlier hit
        if user.is_authenticated():
            if not qs.filter(user = user, hitcount = hitcount):
                hit.user = user #associate this hit with a user
                hit.save()
                return True
        else:
            # if not authenticated, see if we have a repeat session
            if not qs.filter(session = session_key, hitcount = hitcount):
                hit.save()
                # forces a save on this anonymous users session
                request.session.modified = True
                return True
        return False
예제 #4
0
def _update_hit_count(request, hitcount):
    '''
    Evaluates a request's Hit and corresponding HitCount object and,
    after a bit of clever logic, either ignores the request or registers
    a new Hit.

    This is NOT a view!  But should be used within a view ...

    Returns True if the request was considered a Hit; returns False if not.
    '''
    user = request.user

    if not request.session.session_key:
        request.session.save()

    session_key = request.session.session_key
    ip = get_ip(request)
    user_agent = request.META.get('HTTP_USER_AGENT', '')[:255]
    hits_per_ip_limit = getattr(settings, 'HITCOUNT_HITS_PER_IP_LIMIT', 0)
    exclude_user_group = getattr(settings, 'HITCOUNT_EXCLUDE_USER_GROUP', None)

    # first, check our request against the blacklists before continuing
    if BlacklistIP.objects.filter(ip__exact=ip) or \
            BlacklistUserAgent.objects.filter(user_agent__exact=user_agent):
        return False

    # second, see if we are excluding a specific user group or not
    if exclude_user_group and user.is_authenticated():
        if user.groups.filter(name__in=exclude_user_group):
            return False

    #start with a fresh active query set (HITCOUNT_KEEP_HIT_ACTIVE )
    qs = Hit.objects.filter_active()

    # check limit on hits from a unique ip address (HITCOUNT_HITS_PER_IP_LIMIT)
    if hits_per_ip_limit:
        if qs.filter(ip__exact=ip).count() > hits_per_ip_limit:
            return False

    # create a generic Hit object with request data
    hit = Hit(
        session=session_key,
        hitcount=hitcount,
        ip=get_ip(request),
        user_agent=request.META.get('HTTP_USER_AGENT', '')[:255],
    )

    # first, use a user's authentication to see if they made an earlier hit
    if user.is_authenticated():
        if not qs.filter(user=user, hitcount=hitcount):
            hit.user = user  #associate this hit with a user
            hit.save()
            return True

    # if not authenticated, see if we have a repeat session
    else:
        if not qs.filter(session=session_key, hitcount=hitcount):
            hit.save()

            # forces a save on this anonymous users session
            request.session.modified = True

            return True

    return False
예제 #5
0
    def hit_count(self, request, hitcount):
        """
        Called with a HttpRequest and HitCount object it will return a
        namedtuple:

        UpdateHitCountResponse(hit_counted=Boolean, hit_message='Message').

        `hit_counted` will be True if the hit was counted and False if it was
        not.  `'hit_message` will indicate by what means the Hit was either
        counted or ignored.
        """
        UpdateHitCountResponse = namedtuple(
            'UpdateHitCountResponse', 'hit_counted hit_message')

        # as of Django 1.8.4 empty sessions are not being saved
        # https://code.djangoproject.com/ticket/25489
        if request.session.session_key is None:
            request.session.save()

        user = request.user
        try:
            is_authenticated_user = user.is_authenticated()
        except:
            is_authenticated_user = user.is_authenticated
        session_key = request.session.session_key
        ip = get_ip(request)
        user_agent = request.META.get('HTTP_USER_AGENT', '')[:255]
        hits_per_ip_limit = getattr(settings, 'HITCOUNT_HITS_PER_IP_LIMIT', 0)
        exclude_user_group = getattr(settings, 'HITCOUNT_EXCLUDE_USER_GROUP', None)

        # first, check our request against the IP blacklist
        if BlacklistIP.objects.filter(ip__exact=ip):
            return UpdateHitCountResponse(
                False, 'Not counted: user IP has been blacklisted')

        # second, check our request against the user agent blacklist
        if BlacklistUserAgent.objects.filter(user_agent__exact=user_agent):
            return UpdateHitCountResponse(
                False, 'Not counted: user agent has been blacklisted')

        # third, see if we are excluding a specific user group or not
        if exclude_user_group and is_authenticated_user:
            if user.groups.filter(name__in=exclude_user_group):
                return UpdateHitCountResponse(
                    False, 'Not counted: user excluded by group')

        # eliminated first three possible exclusions, now on to checking our database of
        # active hits to see if we should count another one

        # start with a fresh active query set (HITCOUNT_KEEP_HIT_ACTIVE)
        qs = Hit.objects.filter_active()

        # check limit on hits from a unique ip address (HITCOUNT_HITS_PER_IP_LIMIT)
        if hits_per_ip_limit:
            if qs.filter(ip__exact=ip).count() >= hits_per_ip_limit:
                return UpdateHitCountResponse(
                    False, 'Not counted: hits per IP address limit reached')

        # create a generic Hit object with request data
        hit = Hit(session=session_key, hitcount=hitcount, ip=get_ip(request),
                  user_agent=request.META.get('HTTP_USER_AGENT', '')[:255],)

        # first, use a user's authentication to see if they made an earlier hit
        if is_authenticated_user:
            if not qs.filter(user=user, hitcount=hitcount):
                hit.user = user  # associate this hit with a user
                hit.save()

                response = UpdateHitCountResponse(
                    True, 'Hit counted: user authentication')
            else:
                response = UpdateHitCountResponse(
                    False, 'Not counted: authenticated user has active hit')

        # if not authenticated, see if we have a repeat session
        else:
            if not qs.filter(session=session_key, hitcount=hitcount):
                hit.save()
                response = UpdateHitCountResponse(
                    True, 'Hit counted: session key')
            else:
                response = UpdateHitCountResponse(
                    False, 'Not counted: session key has active hit')

        return response
예제 #6
0
def _update_hit_count(request, hitcount):
    """
    Evaluates a request's Hit and corresponding HitCount object and,
    after a bit of clever logic, either ignores the request or registers
    a new Hit.

    This is NOT a view!  But should be used within a view ...

    Returns True if the request was considered a Hit; returns False if not.
    """

    UpdateHitCountResponse = namedtuple('UpdateHitCountResponse',
        'hit_counted hit_message')

    user = request.user
    session_key = request.session.session_key
    ip = get_ip(request)
    user_agent = request.META.get('HTTP_USER_AGENT', '')[:255]
    hits_per_ip_limit = getattr(settings, 'HITCOUNT_HITS_PER_IP_LIMIT', 0)
    exclude_user_group = getattr(settings, 'HITCOUNT_EXCLUDE_USER_GROUP', None)

    # first, check our request against the IP blacklist
    if BlacklistIP.objects.filter(ip__exact=ip):
        response = UpdateHitCountResponse(False,
            'Not counted: user IP has been blacklisted')
        return response

    # second, check our request against the user agent blacklist
    if BlacklistUserAgent.objects.filter(user_agent__exact=user_agent):
        response = UpdateHitCountResponse(False,
            'Not counted: user agent has been blacklisted')
        return response

    # third, see if we are excluding a specific user group or not
    if exclude_user_group and user.is_authenticated():
        if user.groups.filter(name__in=exclude_user_group):
            response = UpdateHitCountResponse(False,
                'Not counted: user excluded by group')
            return response

    # eliminated first three possible exclusions, now on to checking our database of
    # active hits to see if we should count another one

    # start with a fresh active query set (HITCOUNT_KEEP_HIT_ACTIVE)
    qs = Hit.objects.filter_active()

    # check limit on hits from a unique ip address (HITCOUNT_HITS_PER_IP_LIMIT)
    if hits_per_ip_limit:
        if qs.filter(ip__exact=ip).count() >= hits_per_ip_limit:
            response = UpdateHitCountResponse(False,
                'Not counted: hits per IP address limit reached')
            return response

    # create a generic Hit object with request data
    hit = Hit(session=session_key, hitcount=hitcount, ip=get_ip(request),
        user_agent=request.META.get('HTTP_USER_AGENT', '')[:255],)

    # first, use a user's authentication to see if they made an earlier hit
    if user.is_authenticated():
        if not qs.filter(user=user, hitcount=hitcount):
            hit.user = user  # associate this hit with a user
            hit.save()

            response = UpdateHitCountResponse(True,
                'Hit counted: user authentication')
        else:
            response = UpdateHitCountResponse(False,
                'Not counted: authenticated user has active hit')

    # if not authenticated, see if we have a repeat session
    else:
        if not qs.filter(session=session_key, hitcount=hitcount):
            hit.save()
            response = UpdateHitCountResponse(True,
                'Hit counted: session key')
        else:
            response = UpdateHitCountResponse(False,
                'Not counted: session key has active hit')

    return response
예제 #7
0
def _update_hit_count(request, hitcount):
    '''
    Desn't store IP nor user_agent,
    but check that IP is not blacklisted

    Evaluates a request's Hit and corresponding HitCount object and,
    after a bit of clever logic, either ignores the request or registers
    a new Hit.

    This is NOT a view!  But should be used within a view ...

    Returns True if the request was considered a Hit; returns False if not.
    '''

    # when this is not called by ajax
    if type(request) == RequestContext:
        request = request['request']

    user = request.user

    if not request.session.session_key:
        request.session.save()

    session_key = request.session.session_key
    ip = get_ip(request)
    user_agent = request.META.get('HTTP_USER_AGENT', '')[:255]
    logger.debug('session key: ' + session_key)
    logger.debug('CSRF_COOKIE: ' + request.META.get('CSRF_COOKIE'))


    hits_per_ip_limit = getattr(settings, 'HITCOUNT_HITS_PER_IP_LIMIT', 0)


    # first, check our request against the blacklists before continuing
    # exclude hits from localhost when not debugging
    # currently the list of bots doesn't have the entire text

    if BlacklistIP.objects.filter(ip__exact=ip) or \
            BlacklistUserAgent.objects.filter(user_agent__contains=user_agent):
        return False

    # don't store hit if user authenticated
    if user.is_authenticated():
        return False

    #start with a fresh active query set (HITCOUNT_KEEP_HIT_ACTIVE )
    qs = Hit.objects.filter_active()

    # check limit on hits from a unique ip address (HITCOUNT_HITS_PER_IP_LIMIT)
    if hits_per_ip_limit:
        if qs.filter(ip__exact=ip).count() > hits_per_ip_limit:
            return False

    # create a generic Hit object with request data
    hit = Hit(  session=session_key,
                hitcount=hitcount,)

    if not qs.filter(session=session_key,hitcount=hitcount):
        hit.save()
        logger.debug('hit saved')

        # forces a save on this anonymous users session
        request.session.modified = True

        return True
    return False
예제 #8
0
    def hit_count(self, request, hitcount):
        """
        Called with a HttpRequest and HitCount object it will return a
        namedtuple:

        UpdateHitCountResponse(hit_counted=Boolean, hit_message='Message').

        `hit_counted` will be True if the hit was counted and False if it was
        not.  `'hit_message` will indicate by what means the Hit was either
        counted or ignored.
        """
        UpdateHitCountResponse = namedtuple(
            'UpdateHitCountResponse', 'hit_counted hit_message')

        # as of Django 1.8.4 empty sessions are not being saved
        # https://code.djangoproject.com/ticket/25489
        if request.session.session_key is None:
            request.session.save()

        user = request.user
        try:
            is_authenticated_user = user.is_authenticated()
        except:
            is_authenticated_user = user.is_authenticated
        session_key = request.session.session_key
        ip = get_ip(request)
        user_agent = request.META.get('HTTP_USER_AGENT', '')[:255]
        hits_per_ip_limit = getattr(settings, 'HITCOUNT_HITS_PER_IP_LIMIT', 0)
        exclude_user_group = getattr(settings, 'HITCOUNT_EXCLUDE_USER_GROUP', None)

        # first, check our request against the IP blacklist
        if BlacklistIP.objects.filter(ip__exact=ip):
            return UpdateHitCountResponse(
                False, 'Not counted: user IP has been blacklisted')

        # second, check our request against the user agent blacklist
        if BlacklistUserAgent.objects.filter(user_agent__exact=user_agent):
            return UpdateHitCountResponse(
                False, 'Not counted: user agent has been blacklisted')

        # third, see if we are excluding a specific user group or not
        if exclude_user_group and is_authenticated_user:
            if user.groups.filter(name__in=exclude_user_group):
                return UpdateHitCountResponse(
                    False, 'Not counted: user excluded by group')

        # eliminated first three possible exclusions, now on to checking our database of
        # active hits to see if we should count another one

        # start with a fresh active query set (HITCOUNT_KEEP_HIT_ACTIVE)
        qs = Hit.objects.filter_active()

        # check limit on hits from a unique ip address (HITCOUNT_HITS_PER_IP_LIMIT)
        if hits_per_ip_limit:
            if qs.filter(ip__exact=ip).count() >= hits_per_ip_limit:
                return UpdateHitCountResponse(
                    False, 'Not counted: hits per IP address limit reached')

        # create a generic Hit object with request data
        hit = Hit(session=session_key, hitcount=hitcount, ip=get_ip(request),
                  user_agent=request.META.get('HTTP_USER_AGENT', '')[:255],)

        # first, use a user's authentication to see if they made an earlier hit
        if is_authenticated_user:
            if not qs.filter(user=user, hitcount=hitcount):
                hit.user = user  # associate this hit with a user
                hit.save()

                response = UpdateHitCountResponse(
                    True, 'Hit counted: user authentication')
            else:
                response = UpdateHitCountResponse(
                    False, 'Not counted: authenticated user has active hit')

        # if not authenticated, see if we have a repeat session
        else:
            if not qs.filter(session=session_key, hitcount=hitcount):
                hit.save()
                response = UpdateHitCountResponse(
                    True, 'Hit counted: session key')
            else:
                response = UpdateHitCountResponse(
                    False, 'Not counted: session key has active hit')

        return response
예제 #9
0
def _update_hit_count(request, hitcount):
    '''
    Evaluates a request's Hit and corresponding HitCount object and,
    after a bit of clever logic, either ignores the request or registers
    a new Hit.

    This is NOT a view!  But should be used within a view ...

    Returns True if the request was considered a Hit; returns False if not.
    '''

    UpdateHitCountResponse = namedtuple('UpdateHitCountResponse',
                                        'hit_counted hit_message')

    user = request.user
    session_key = request.session.session_key
    ip = get_ip(request)
    user_agent = request.META.get('HTTP_USER_AGENT', '')[:255]
    hits_per_ip_limit = getattr(settings, 'HITCOUNT_HITS_PER_IP_LIMIT', 0)
    exclude_user_group = getattr(settings, 'HITCOUNT_EXCLUDE_USER_GROUP', None)

    # first, check our request against the IP blacklist
    if BlacklistIP.objects.filter(ip__exact=ip):
        response = UpdateHitCountResponse(
            False, 'Not counted: user IP has been blacklisted')
        return response

    # second, check our request against the user agent blacklist
    if BlacklistUserAgent.objects.filter(user_agent__exact=user_agent):
        response = UpdateHitCountResponse(
            False, 'Not counted: user agent has been blacklisted')
        return response

    # third, see if we are excluding a specific user group or not
    if exclude_user_group and user.is_authenticated():
        if user.groups.filter(name__in=exclude_user_group):
            response = UpdateHitCountResponse(
                False, 'Not counted: user excluded by group')
            return response

    # eliminated first three possible exclusions, now on to checking our database of
    # active hits to see if we should count another one

    #start with a fresh active query set (HITCOUNT_KEEP_HIT_ACTIVE)
    qs = Hit.objects.filter_active()

    # check limit on hits from a unique ip address (HITCOUNT_HITS_PER_IP_LIMIT)
    if hits_per_ip_limit:
        if qs.filter(ip__exact=ip).count() > hits_per_ip_limit:
            response = UpdateHitCountResponse(
                False, 'Not counted: hits per IP address limit reached')
            return response

    # create a generic Hit object with request data
    hit = Hit(
        session=session_key,
        hitcount=hitcount,
        ip=get_ip(request),
        user_agent=request.META.get('HTTP_USER_AGENT', '')[:255],
    )

    # first, use a user's authentication to see if they made an earlier hit
    if user.is_authenticated():
        if not qs.filter(user=user, hitcount=hitcount):
            hit.user = user  #associate this hit with a user
            hit.save()

            response = UpdateHitCountResponse(
                True, 'Hit counted: user authentication')
        else:
            response = UpdateHitCountResponse(
                False, 'Not counted: authenticated user has active hit')

    # if not authenticated, see if we have a repeat session
    else:
        if not qs.filter(session=session_key, hitcount=hitcount):
            hit.save()
            response = UpdateHitCountResponse(True, 'Hit counted: session key')
        else:
            response = UpdateHitCountResponse(
                False, 'Not counted: session key has active hit')

    return response