def _update_hit_count(request, hitcount): ''' Evaluates a request's Hit and corresponding HitCount object and, after a bit of clever logic, either ignores the request or registers a new Hit. This is NOT a view! But should be used within a view ... Returns True if the request was considered a Hit; returns False if not. ''' user = request.user session_key = request.session.session_key ip = get_ip(request) user_agent = request.META.get('HTTP_USER_AGENT', '')[:255] hits_per_ip_limit = getattr(settings, 'HITCOUNT_HITS_PER_IP_LIMIT', 0) exclude_user_group = getattr(settings, 'HITCOUNT_EXCLUDE_USER_GROUP', None) # first, check our request against the blacklists before continuing if BlacklistIP.objects.filter(ip__exact=ip) or \ BlacklistUserAgent.objects.filter(user_agent__exact=user_agent): return False # second, see if we are excluding a specific user group or not if exclude_user_group and user.is_authenticated(): if user.groups.filter(name__in=exclude_user_group): return False #start with a fresh active query set (HITCOUNT_KEEP_HIT_ACTIVE ) qs = Hit.objects.filter_active() # check limit on hits from a unique ip address (HITCOUNT_HITS_PER_IP_LIMIT) if hits_per_ip_limit: if qs.filter(ip__exact=ip).count() > hits_per_ip_limit: return False # create a generic Hit object with request data hit = Hit( session=session_key, hitcount=hitcount, ip=get_ip(request), user_agent=request.META.get('HTTP_USER_AGENT', '')[:255],) # first, use a user's authentication to see if they made an earlier hit if user.is_authenticated(): if not qs.filter(user=user,hitcount=hitcount): hit.user = user #associate this hit with a user hit.save() return True # if not authenticated, see if we have a repeat session else: if not qs.filter(session=session_key,hitcount=hitcount): hit.save() # forces a save on this anonymous users session request.session.modified = True return True return False
def get(self, request, *args, **kwargs): response = super(PopularityMixin, self).get(request, *args, **kwargs) if self.count_hit is False: return response if hasattr(self, 'object') and isinstance(self.object, Model): # hey we got a model instance opts, u = self.object._meta, request.user if not request.session.session_key: request.session.save() try: is_authenticated = u.is_authenticated() except: is_authenticated = u.is_authenticated celery_update_hitcount.delay( session_key=request.session.session_key, ip_address=get_ip(request), user_agent=request.META.get('HTTP_USER_AGENT', '')[:255], user_id=u.pk if is_authenticated else None, app_label=opts.app_label, model=opts.model_name, object_id=self.object.id, ) return response
def update_hit_count(self, hitcount, request, user_key = 'default'): ''' Returns True if the request was considered a Hit; returns False if not. ''' meta = request.META user = request.user session_key = request.session.session_key ip = get_ip(request) user_agent = meta.get('HTTP_USER_AGENT', '')[:255] referer = meta.get('HTTP_REFERER', '')[:511] hits_per_ip_limit = getattr(settings, 'HITCOUNT_HITS_PER_IP_LIMIT', 0) exclude_user_group = getattr(settings, 'HITCOUNT_EXCLUDE_USER_GROUP', None) # first, check our request against the blacklists before continuing if BlacklistIP.objects.filter(ip__exact = ip) or \ BlacklistUserAgent.objects.filter(user_agent__exact = user_agent): return False # second, see if we are excluding a specific user group or not if exclude_user_group and user.is_authenticated(): if user.groups.filter(name__in = exclude_user_group): return False # start with a fresh active query set (HITCOUNT_KEEP_HIT_ACTIVE ) qs = Hit.objects.filter_active() # check limit on hits from a unique ip address (HITCOUNT_HITS_PER_IP_LIMIT) if hits_per_ip_limit: if qs.filter(ip = ip).count() > hits_per_ip_limit: return False # create a generic Hit object with request data hit = Hit(session = session_key, hitcount = hitcount, ip = ip, user_agent = user_agent, referer = referer, user_key = user_key) # first, use a user's authentication to see if they made an earlier hit if user.is_authenticated(): if not qs.filter(user = user, hitcount = hitcount): hit.user = user #associate this hit with a user hit.save() return True else: # if not authenticated, see if we have a repeat session if not qs.filter(session = session_key, hitcount = hitcount): hit.save() # forces a save on this anonymous users session request.session.modified = True return True return False
def _update_hit_count(request, hitcount): ''' Evaluates a request's Hit and corresponding HitCount object and, after a bit of clever logic, either ignores the request or registers a new Hit. This is NOT a view! But should be used within a view ... Returns True if the request was considered a Hit; returns False if not. ''' user = request.user if not request.session.session_key: request.session.save() session_key = request.session.session_key ip = get_ip(request) user_agent = request.META.get('HTTP_USER_AGENT', '')[:255] hits_per_ip_limit = getattr(settings, 'HITCOUNT_HITS_PER_IP_LIMIT', 0) exclude_user_group = getattr(settings, 'HITCOUNT_EXCLUDE_USER_GROUP', None) # first, check our request against the blacklists before continuing if BlacklistIP.objects.filter(ip__exact=ip) or \ BlacklistUserAgent.objects.filter(user_agent__exact=user_agent): return False # second, see if we are excluding a specific user group or not if exclude_user_group and user.is_authenticated(): if user.groups.filter(name__in=exclude_user_group): return False #start with a fresh active query set (HITCOUNT_KEEP_HIT_ACTIVE ) qs = Hit.objects.filter_active() # check limit on hits from a unique ip address (HITCOUNT_HITS_PER_IP_LIMIT) if hits_per_ip_limit: if qs.filter(ip__exact=ip).count() > hits_per_ip_limit: return False # create a generic Hit object with request data hit = Hit( session=session_key, hitcount=hitcount, ip=get_ip(request), user_agent=request.META.get('HTTP_USER_AGENT', '')[:255], ) # first, use a user's authentication to see if they made an earlier hit if user.is_authenticated(): if not qs.filter(user=user, hitcount=hitcount): hit.user = user #associate this hit with a user hit.save() return True # if not authenticated, see if we have a repeat session else: if not qs.filter(session=session_key, hitcount=hitcount): hit.save() # forces a save on this anonymous users session request.session.modified = True return True return False
def hit_count(self, request, hitcount): """ Called with a HttpRequest and HitCount object it will return a namedtuple: UpdateHitCountResponse(hit_counted=Boolean, hit_message='Message'). `hit_counted` will be True if the hit was counted and False if it was not. `'hit_message` will indicate by what means the Hit was either counted or ignored. """ UpdateHitCountResponse = namedtuple( 'UpdateHitCountResponse', 'hit_counted hit_message') # as of Django 1.8.4 empty sessions are not being saved # https://code.djangoproject.com/ticket/25489 if request.session.session_key is None: request.session.save() user = request.user try: is_authenticated_user = user.is_authenticated() except: is_authenticated_user = user.is_authenticated session_key = request.session.session_key ip = get_ip(request) user_agent = request.META.get('HTTP_USER_AGENT', '')[:255] hits_per_ip_limit = getattr(settings, 'HITCOUNT_HITS_PER_IP_LIMIT', 0) exclude_user_group = getattr(settings, 'HITCOUNT_EXCLUDE_USER_GROUP', None) # first, check our request against the IP blacklist if BlacklistIP.objects.filter(ip__exact=ip): return UpdateHitCountResponse( False, 'Not counted: user IP has been blacklisted') # second, check our request against the user agent blacklist if BlacklistUserAgent.objects.filter(user_agent__exact=user_agent): return UpdateHitCountResponse( False, 'Not counted: user agent has been blacklisted') # third, see if we are excluding a specific user group or not if exclude_user_group and is_authenticated_user: if user.groups.filter(name__in=exclude_user_group): return UpdateHitCountResponse( False, 'Not counted: user excluded by group') # eliminated first three possible exclusions, now on to checking our database of # active hits to see if we should count another one # start with a fresh active query set (HITCOUNT_KEEP_HIT_ACTIVE) qs = Hit.objects.filter_active() # check limit on hits from a unique ip address (HITCOUNT_HITS_PER_IP_LIMIT) if hits_per_ip_limit: if qs.filter(ip__exact=ip).count() >= hits_per_ip_limit: return UpdateHitCountResponse( False, 'Not counted: hits per IP address limit reached') # create a generic Hit object with request data hit = Hit(session=session_key, hitcount=hitcount, ip=get_ip(request), user_agent=request.META.get('HTTP_USER_AGENT', '')[:255],) # first, use a user's authentication to see if they made an earlier hit if is_authenticated_user: if not qs.filter(user=user, hitcount=hitcount): hit.user = user # associate this hit with a user hit.save() response = UpdateHitCountResponse( True, 'Hit counted: user authentication') else: response = UpdateHitCountResponse( False, 'Not counted: authenticated user has active hit') # if not authenticated, see if we have a repeat session else: if not qs.filter(session=session_key, hitcount=hitcount): hit.save() response = UpdateHitCountResponse( True, 'Hit counted: session key') else: response = UpdateHitCountResponse( False, 'Not counted: session key has active hit') return response
def _update_hit_count(request, hitcount): """ Evaluates a request's Hit and corresponding HitCount object and, after a bit of clever logic, either ignores the request or registers a new Hit. This is NOT a view! But should be used within a view ... Returns True if the request was considered a Hit; returns False if not. """ UpdateHitCountResponse = namedtuple('UpdateHitCountResponse', 'hit_counted hit_message') user = request.user session_key = request.session.session_key ip = get_ip(request) user_agent = request.META.get('HTTP_USER_AGENT', '')[:255] hits_per_ip_limit = getattr(settings, 'HITCOUNT_HITS_PER_IP_LIMIT', 0) exclude_user_group = getattr(settings, 'HITCOUNT_EXCLUDE_USER_GROUP', None) # first, check our request against the IP blacklist if BlacklistIP.objects.filter(ip__exact=ip): response = UpdateHitCountResponse(False, 'Not counted: user IP has been blacklisted') return response # second, check our request against the user agent blacklist if BlacklistUserAgent.objects.filter(user_agent__exact=user_agent): response = UpdateHitCountResponse(False, 'Not counted: user agent has been blacklisted') return response # third, see if we are excluding a specific user group or not if exclude_user_group and user.is_authenticated(): if user.groups.filter(name__in=exclude_user_group): response = UpdateHitCountResponse(False, 'Not counted: user excluded by group') return response # eliminated first three possible exclusions, now on to checking our database of # active hits to see if we should count another one # start with a fresh active query set (HITCOUNT_KEEP_HIT_ACTIVE) qs = Hit.objects.filter_active() # check limit on hits from a unique ip address (HITCOUNT_HITS_PER_IP_LIMIT) if hits_per_ip_limit: if qs.filter(ip__exact=ip).count() >= hits_per_ip_limit: response = UpdateHitCountResponse(False, 'Not counted: hits per IP address limit reached') return response # create a generic Hit object with request data hit = Hit(session=session_key, hitcount=hitcount, ip=get_ip(request), user_agent=request.META.get('HTTP_USER_AGENT', '')[:255],) # first, use a user's authentication to see if they made an earlier hit if user.is_authenticated(): if not qs.filter(user=user, hitcount=hitcount): hit.user = user # associate this hit with a user hit.save() response = UpdateHitCountResponse(True, 'Hit counted: user authentication') else: response = UpdateHitCountResponse(False, 'Not counted: authenticated user has active hit') # if not authenticated, see if we have a repeat session else: if not qs.filter(session=session_key, hitcount=hitcount): hit.save() response = UpdateHitCountResponse(True, 'Hit counted: session key') else: response = UpdateHitCountResponse(False, 'Not counted: session key has active hit') return response
def _update_hit_count(request, hitcount): ''' Desn't store IP nor user_agent, but check that IP is not blacklisted Evaluates a request's Hit and corresponding HitCount object and, after a bit of clever logic, either ignores the request or registers a new Hit. This is NOT a view! But should be used within a view ... Returns True if the request was considered a Hit; returns False if not. ''' # when this is not called by ajax if type(request) == RequestContext: request = request['request'] user = request.user if not request.session.session_key: request.session.save() session_key = request.session.session_key ip = get_ip(request) user_agent = request.META.get('HTTP_USER_AGENT', '')[:255] logger.debug('session key: ' + session_key) logger.debug('CSRF_COOKIE: ' + request.META.get('CSRF_COOKIE')) hits_per_ip_limit = getattr(settings, 'HITCOUNT_HITS_PER_IP_LIMIT', 0) # first, check our request against the blacklists before continuing # exclude hits from localhost when not debugging # currently the list of bots doesn't have the entire text if BlacklistIP.objects.filter(ip__exact=ip) or \ BlacklistUserAgent.objects.filter(user_agent__contains=user_agent): return False # don't store hit if user authenticated if user.is_authenticated(): return False #start with a fresh active query set (HITCOUNT_KEEP_HIT_ACTIVE ) qs = Hit.objects.filter_active() # check limit on hits from a unique ip address (HITCOUNT_HITS_PER_IP_LIMIT) if hits_per_ip_limit: if qs.filter(ip__exact=ip).count() > hits_per_ip_limit: return False # create a generic Hit object with request data hit = Hit( session=session_key, hitcount=hitcount,) if not qs.filter(session=session_key,hitcount=hitcount): hit.save() logger.debug('hit saved') # forces a save on this anonymous users session request.session.modified = True return True return False
def _update_hit_count(request, hitcount): ''' Evaluates a request's Hit and corresponding HitCount object and, after a bit of clever logic, either ignores the request or registers a new Hit. This is NOT a view! But should be used within a view ... Returns True if the request was considered a Hit; returns False if not. ''' UpdateHitCountResponse = namedtuple('UpdateHitCountResponse', 'hit_counted hit_message') user = request.user session_key = request.session.session_key ip = get_ip(request) user_agent = request.META.get('HTTP_USER_AGENT', '')[:255] hits_per_ip_limit = getattr(settings, 'HITCOUNT_HITS_PER_IP_LIMIT', 0) exclude_user_group = getattr(settings, 'HITCOUNT_EXCLUDE_USER_GROUP', None) # first, check our request against the IP blacklist if BlacklistIP.objects.filter(ip__exact=ip): response = UpdateHitCountResponse( False, 'Not counted: user IP has been blacklisted') return response # second, check our request against the user agent blacklist if BlacklistUserAgent.objects.filter(user_agent__exact=user_agent): response = UpdateHitCountResponse( False, 'Not counted: user agent has been blacklisted') return response # third, see if we are excluding a specific user group or not if exclude_user_group and user.is_authenticated(): if user.groups.filter(name__in=exclude_user_group): response = UpdateHitCountResponse( False, 'Not counted: user excluded by group') return response # eliminated first three possible exclusions, now on to checking our database of # active hits to see if we should count another one #start with a fresh active query set (HITCOUNT_KEEP_HIT_ACTIVE) qs = Hit.objects.filter_active() # check limit on hits from a unique ip address (HITCOUNT_HITS_PER_IP_LIMIT) if hits_per_ip_limit: if qs.filter(ip__exact=ip).count() > hits_per_ip_limit: response = UpdateHitCountResponse( False, 'Not counted: hits per IP address limit reached') return response # create a generic Hit object with request data hit = Hit( session=session_key, hitcount=hitcount, ip=get_ip(request), user_agent=request.META.get('HTTP_USER_AGENT', '')[:255], ) # first, use a user's authentication to see if they made an earlier hit if user.is_authenticated(): if not qs.filter(user=user, hitcount=hitcount): hit.user = user #associate this hit with a user hit.save() response = UpdateHitCountResponse( True, 'Hit counted: user authentication') else: response = UpdateHitCountResponse( False, 'Not counted: authenticated user has active hit') # if not authenticated, see if we have a repeat session else: if not qs.filter(session=session_key, hitcount=hitcount): hit.save() response = UpdateHitCountResponse(True, 'Hit counted: session key') else: response = UpdateHitCountResponse( False, 'Not counted: session key has active hit') return response