Skip to content

Rate-Limit Update

MariaV requested to merge rate_limiting into master

Designed to overall security with rate-limiting via Django rate-limit.

  • Added Django-Ratelimit package to requirements.txt.
  • Enabled caching in settings.py
  • Updated sample_env.txt with new required keys.
  • Updated README.md with rate-limit settings needed to run.
  • Updated settings.py to call new rate-limit variables from .env
  • Added two decorators to views.py that take the .env settings via a new callable function to determine rate-limit (one for ip and one for form post method), which also include a custom field, "block_all"--when set to True in .env, will disable those views using decorators.
  • Added custom URL handler to catch Ratelimited 403 exception and render a custom template with response.status_code 403.
  • Added rate_limit template.html
  • Added tests in anonticket/tests.py for rate-limiting, including cache-clearing between tests during tearDown.

All tests passing with 94 percent coverage via python coverage.

Merge request reports

Loading