Add RealIPMiddleware
This ensures that the IP key used for rate limiting is meaningful.
DeD1rk committed Apr 26, 2023
1 parent 49716e7 commit 41d42a7
Showing 3 changed files with 12 additions and 2 deletions.
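--- a/website/thaliawebsite/middleware.py
+++ b/website/thaliawebsite/middleware.py
@@ -0,0 +1,9 @@
+class RealIPMiddleware:
+"""Sets `REMOTE_ADDR` to the X-Real-IP header set by the reverse proxy."""
+
+def __init__(self, get_response):
+self.get_response = get_response
+
+def __call__(self, request):
+request.META["REMOTE_ADDR"] = request.headers["X-Real-Ip"]
+return self.get_response(request)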
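Review bot: `request.headers["X-Real-Ip"]` in `__call__` raises `KeyError` for any request that arrives without the header (the Django test client, or a health check that reaches the app directly), and because the middleware runs for every route that presumably surfaces as a 500 everywhere. Reading it with `real_ip = request.headers.get("X-Real-Ip")` and assigning `request.META["REMOTE_ADDR"] = real_ip` only when it is set keeps those requests working. The header is also trusted unconditionally, so the `ip` rate-limit key is only as reliable as the deployment. The docstring should state that the reverse proxy must overwrite any client-supplied `X-Real-IP` and that the app must not be reachable except through that proxy, since otherwise the key is client-controlled.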
2 changes: 1 addition & 1 deletion website/thaliawebsite/settings.py
@@ -501,8 +501,8 @@ def from_env(
"django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware",
"django.middleware.locale.LocaleMiddleware",
"thaliawebsite.middleware.RealIPMiddleware",
"django_ratelimit.middleware.RatelimitMiddleware",
# Our middleware
"members.middleware.MemberMiddleware",
"announcements.middleware.AnnouncementMiddleware",
]
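Review bot: `"thaliawebsite.middleware.RealIPMiddleware"` sits after the authentication, messages and locale middleware, so any entry earlier in `MIDDLEWARE` (the list starts outside this hunk) still sees the proxy's address in `REMOTE_ADDR`. If nothing earlier reads it this is harmless, but moving the entry near the top with a comment such as `# Must run before anything that reads REMOTE_ADDR` would make the ordering requirement explicit. If the rewritten address is only needed for rate limiting, django-ratelimit's `RATELIMIT_IP_META_KEY = "HTTP_X_REAL_IP"` setting would confine trust in the proxy header to that one consumer instead of changing `REMOTE_ADDR` for the whole request.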
3 changes: 2 additions & 1 deletion website/thaliawebsite/views.py
@@ -63,7 +63,8 @@ def post(self, request, *args, **kwargs):


class RateLimitedLoginView(LoginView):
@method_decorator(ratelimit(key="ip", rate="10/m"))
@method_decorator(ratelimit(key="ip", rate="30/h"))
@method_decorator(ratelimit(key="post:username", rate="30/h"))
def post(self, request, *args, **kwargs):
return super().post(request, *args, **kwargs)

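Review bot: The `key="post:username"` limit of `30/h` on `RateLimitedLoginView.post` is counted per submitted username no matter where the requests come from, so, assuming `ratelimit` blocks by default, failed attempts by anyone can keep the real owner of that username from logging in for the rest of the window. If that trade-off is intended, a comment above the decorator would record it, for example `# Per-username limit bounds guessing against one account, at the cost of temporary lockout`. The key also uses the raw POST value, so if usernames are matched case-insensitively (not visible here) each spelling variant would get its own bucket. The page does not mark which of the three decorators are new; this note reads the two `30/h` lines as the added side.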
