diff options
| author | Magnus Hagander | 2019-06-18 20:12:45 +0000 |
|---|---|---|
| committer | Magnus Hagander | 2019-06-18 20:19:43 +0000 |
| commit | 65b09301c6639c922a2bd4fc4537c2add44d4b60 (patch) | |
| tree | e94a89735e33ad13692e8a963ca2a802db2cabf5 /django/archives/mailarchives | |
| parent | f99a8a671f069567782aa8ee94a682ab03ed2279 (diff) | |
Implement basic rate limiting for sending email
Per-user limit that says how many seconds must go between each email.
Outgoing emails are also delayed by this much (or we'd miss it)
Diffstat (limited to 'django/archives/mailarchives')
| -rw-r--r-- | django/archives/mailarchives/migrations/0003_message_resend.py | 2 | ||||
| -rw-r--r-- | django/archives/mailarchives/models.py | 2 | ||||
| -rw-r--r-- | django/archives/mailarchives/views.py | 6 |
3 files changed, 7 insertions, 3 deletions
diff --git a/django/archives/mailarchives/migrations/0003_message_resend.py b/django/archives/mailarchives/migrations/0003_message_resend.py index 5461502..c1e0419 100644 --- a/django/archives/mailarchives/migrations/0003_message_resend.py +++ b/django/archives/mailarchives/migrations/0003_message_resend.py @@ -19,7 +19,7 @@ class Migration(migrations.Migration): name='ResendMessage', fields=[ ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), - ('registeredat', models.DateTimeField(auto_now_add=True)), + ('registeredat', models.DateTimeField()), ('message', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='mailarchives.Message')), ('sendto', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)), ], diff --git a/django/archives/mailarchives/models.py b/django/archives/mailarchives/models.py index a9ca52e..5c0c1e0 100644 --- a/django/archives/mailarchives/models.py +++ b/django/archives/mailarchives/models.py @@ -124,7 +124,7 @@ class ListSubscriber(models.Model): class ResendMessage(models.Model): message = models.ForeignKey(Message, null=False, blank=False) sendto = models.ForeignKey(User, null=False, blank=False) - registeredat = models.DateTimeField(null=False, blank=False, auto_now_add=True) + registeredat = models.DateTimeField(null=False, blank=False) class ApiClient(models.Model): diff --git a/django/archives/mailarchives/views.py b/django/archives/mailarchives/views.py index bd7b891..03fdf7b 100644 --- a/django/archives/mailarchives/views.py +++ b/django/archives/mailarchives/views.py @@ -646,7 +646,11 @@ def resend(request, messageid): if request.method == 'POST': if request.POST.get('resend', None) == '1': - ResendMessage.objects.get_or_create(message=m, sendto=request.user) + # Figure out if this user has sent an email recently, and if so refuse it + if ResendMessage.objects.filter(sendto=request.user, registeredat__gt=datetime.now()).exists(): + return HttpResponse("You have already requested an email to be sent in the past {0} seconds. Please try again later.".format(settings.RESEND_RATE_LIMIT_SECONDS)) + + ResendMessage.objects.get_or_create(message=m, sendto=request.user, registeredat=datetime.now() + timedelta(seconds=settings.RESEND_RATE_LIMIT_SECONDS)) connection.cursor().execute("NOTIFY archives_resend") return HttpResponseRedirect('/message-id/resend/{0}/complete'.format(m.messageid)) |