Rate-Limit Update (!81) · Merge requests · The Tor Project / TPA / Anonymous Ticket Portal

MariaV requested to merge rate_limiting into master Feb 11, 2021

Designed to overall security with rate-limiting via Django rate-limit.

Added Django-Ratelimit package to requirements.txt.
Enabled caching in settings.py
Updated sample_env.txt with new required keys.
Updated README.md with rate-limit settings needed to run.
Updated settings.py to call new rate-limit variables from .env
Added two decorators to views.py that take the .env settings via a new callable function to determine rate-limit (one for ip and one for form post method), which also include a custom field, "block_all"--when set to True in .env, will disable those views using decorators.
Added custom URL handler to catch Ratelimited 403 exception and render a custom template with response.status_code 403.
Added rate_limit template.html
Added tests in anonticket/tests.py for rate-limiting, including cache-clearing between tests during tearDown.

All tests passing with 94 percent coverage via python coverage.

Rate-Limit Update