Commit d73192f6 authored by Daniel W Bond's avatar Daniel W Bond

added rate limites to listing

parent ad2b7df7
......@@ -18,7 +18,7 @@ import requests
from PIL import Image
from braces.views import LoginRequiredMixin
from braces.views import FormValidMessageMixin
from ratelimit.mixins import RatelimitMixin
from ratelimit.decorators import ratelimit
# imports from your apps
from .models import Listing, Bid, Flag, Rating
from .forms import ListingForm, BidForm, FlagForm, SellListingForm,\
......@@ -131,6 +131,11 @@ class CreateListing(LoginRequiredMixin, FormValidMessageMixin, CreateView):
context['my_form'] = form
return context
@ratelimit(key='user', rate='5/m', method='POST', block=True)
@ratelimit(key='user', rate='100/day', method='POST', block=True)
def post(self, request, *args, **kwargs):
return super(CreateListing, self).post(request, *args, **kwargs)
# These next two views are tied together...
class DetailListing(DetailView):
......@@ -192,6 +197,9 @@ class ListingPage(LoginRequiredMixin, View):
view = DetailListing.as_view()
return view(request, *args, **kwargs)
@ratelimit(key='user', rate='5/m', method='POST', block=True)
# rate limit is higher for bids
@ratelimit(key='user', rate='200/d', method='POST', block=True)
def post(self, request, *args, **kwargs):
view = CreateBid.as_view()
return view(request, *args, **kwargs)
......@@ -248,6 +256,11 @@ class CreateFlag(LoginRequiredMixin, CreateView):
context['my_form'] = form
return context
# no daily limit because we want people to flag everything they need to
@ratelimit(key='user', rate='5/m', method='POST', block=True)
def post(self, request, *args, **kwargs):
return super(CreateFlag, self).post(request, *args, **kwargs)
class DeleteFlag(LoginRequiredMixin, DeleteView):
model = Flag
......@@ -311,7 +324,7 @@ class EditListing(LoginRequiredMixin, FormValidMessageMixin, UpdateView):
return context
class SellListing(LoginRequiredMixin, RatelimitMixin, FormValidMessageMixin, UpdateView):
class SellListing(LoginRequiredMixin, FormValidMessageMixin, UpdateView):
model = Listing
fields = ['email_message', 'winning_bid', ]
template_suffix_name = '_sell'
......@@ -319,11 +332,6 @@ class SellListing(LoginRequiredMixin, RatelimitMixin, FormValidMessageMixin, Upd
template_name = 'listing_sell.html'
login_url = 'login'
ratelimit_key = 'user'
ratelimit_rate = '1/d'
ratelimit_block = False
ratelimit_method = 'POST'
form_valid_message = "Your email was successfully sent!"
def form_valid(self, form):
......@@ -383,6 +391,11 @@ class SellListing(LoginRequiredMixin, RatelimitMixin, FormValidMessageMixin, Upd
return context
@ratelimit(key='user', rate='5/m', method='POST', block=True)
@ratelimit(key='user', rate='100/d', method='POST', block=True)
def post(self, request, *args, **kwargs):
return super(SellListing, self).post(request, *args, **kwargs)
class UnSellListing(LoginRequiredMixin, FormValidMessageMixin, UpdateView):
model = Listing
......@@ -442,6 +455,11 @@ class UnSellListing(LoginRequiredMixin, FormValidMessageMixin, UpdateView):
context['my_form'] = form
return context
@ratelimit(key='user', rate='5/m', method='POST', block=True)
@ratelimit(key='user', rate='100/d', method='POST', block=True)
def post(self, request, *args, **kwargs):
return super(UnSellListing, self).post(request, *args, **kwargs)
class CancelListing(LoginRequiredMixin, FormValidMessageMixin, UpdateView):
......@@ -550,6 +568,11 @@ class CreateRating(LoginRequiredMixin, CreateView):
context['my_form'] = form
return context
# no per-day limit because you can only rate listings you've been sold to
@ratelimit(key='user', rate='5/m', method='POST', block=True)
def post(self, request, *args, **kwargs):
return super(CreateRating, self).post(request, *args, **kwargs)
class EditRating(LoginRequiredMixin, UpdateView):
model = Rating
......
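Review bot: None of the stacked `@ratelimit` decorators on the `post` methods passes a `group`, so depending on the installed django-ratelimit version the counters may be keyed on module plus function name and shared by every `post` in this file. That would make a user's listings, bids, flags and ratings draw on one 5/m budget instead of one per view. An explicit per-view group removes the ambiguity, e.g. (name constructed for illustration) `@ratelimit(group='create-listing', key='user', rate='5/m', method='POST', block=True)`. On SellListing, whose success message says an email is sent, the removed `ratelimit_rate = '1/d'` appears to be replaced by `5/m` and `100/d`, which is a large relaxation for a mail-sending endpoint; please confirm it is intended and that nothing in `form_valid` (its body is outside these hunks) still reads `request.limited`. The `rate='100/day'` on CreateListing should be written `'100/d'` to match the other views.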