Project(Task) : Implement Rate Limiting for Issue Creation

blt/settings.py

@@ -193,12 +193,14 @@
 
 # SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
 
-# CACHES = {
-#    'default': {
-#        'BACKEND': 'django.core.cache.backends.db.DatabaseCache',
-#        'LOCATION': 'cache_table',
-#    }
-# }
+CACHES = {
+    'default': {
+        'BACKEND': 'django.core.cache.backends.db.DatabaseCache',
+        'LOCATION': 'django_cache',
+    },
+}
+
+
 REST_AUTH = {
     'SESSION_LOGIN': False
 }

website/management/commands/create_cachetable.py

@@ -0,0 +1,17 @@
+from django.core.management.base import BaseCommand
+from django.core.management import call_command
+from django.db import connection
+
+class Command(BaseCommand):
+    help = 'Creates the cache table if it does not exist'
+
+    def handle(self, *args, **options):
+        table_name = 'django_cache'
+        table_exists = table_name in connection.introspection.table_names()
+
+        if table_exists:
+            self.stdout.write(self.style.SUCCESS(f"'{table_name}' table already exists."))
+        else:
+            # Create the cache table
+            call_command('createcachetable')
+            self.stdout.write(self.style.SUCCESS(f"'{table_name}' table created."))

website/views.py

@@ -87,6 +87,9 @@
 from django.core.validators import URLValidator
 from django.core.exceptions import ValidationError
 from django.http import HttpRequest
+from django.core.cache import cache
+from django.utils.timezone import now
+from django.http import HttpResponseForbidden
 
 def is_valid_https_url(url):
     validate = URLValidator(schemes=['https'])  # Only allow HTTPS URLs
@@ -607,6 +610,16 @@ def process_issue(self, user, obj, created, domain, tokenauth=False, score=3):
             )
 
         return HttpResponseRedirect("/")
+
+
+def get_client_ip(request):
+    """Extract the client's IP address from the request."""
+    x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
+    if x_forwarded_for:
+        ip = x_forwarded_for.split(',')[0]
+    else:
+        ip = request.META.get('REMOTE_ADDR')
+    return ip
 
 class IssueCreate(IssueBaseCreate, CreateView):
     model = Issue
@@ -717,6 +730,14 @@ def post(self, request, *args, **kwargs):
         return super().post(request, *args, **kwargs)
 
     def form_valid(self, form):
+        user_or_ip = self.request.user.get_username() if self.request.user.is_authenticated else get_client_ip(self.request)
+        limit = 50 if self.request.user.is_authenticated else 30  # Your set limits
+        cache_key = f"issue_create_{user_or_ip}_{now().date()}"
+        issue_count = cache.get(cache_key, 0)
+
+        if issue_count >= limit:
+            messages.error(self.request, "You have reached your issue creation limit for today.")
+            return HttpResponseRedirect("/report/")
 
         @atomic
         def create_issue(self,form):
@@ -870,16 +891,19 @@ def create_issue(self,form):
                 self.request.session["created"] = domain_exists
                 self.request.session["domain"] = domain.id
                 login_url = reverse("account_login")
+                cache.set(cache_key, issue_count + 1, 86400)  # Increment the count
                 messages.success(self.request, "Bug added!")
                 return HttpResponseRedirect("{}?next={}".format(login_url, redirect_url))
 
             if tokenauth:
                 self.process_issue(
                     User.objects.get(id=token.user_id), obj, domain_exists, domain, True
                 )
+                cache.set(cache_key, issue_count + 1, 86400)  # Increment the count
                 return JsonResponse("Created", safe=False)
             else:
                 self.process_issue(self.request.user, obj, domain_exists, domain)
+                cache.set(cache_key, issue_count + 1, 86400)  # Increment the count
                 return HttpResponseRedirect(redirect_url + "/")
 
         return create_issue(self,form)