view gpp/antispam/decorators.py @ 504:b5bd3509e6e6

Made some tweaks to the ajax login javascript. Cleared the inputs on failure so someone won't repeatedly try a bad login. Redirect on lockout so the page will refresh. Set focus on the username box after failure for convenience.
author Brian Neal <bgneal@gmail.com>
date Sat, 03 Dec 2011 16:25:15 +0000
parents 32cec6cd8808
children a5d11471d031
line wrap: on
line source
"""
This module contains decorators for the antispam application.

"""
from datetime import timedelta
from functools import wraps

from django.shortcuts import render

from antispam.rate_limit import RateLimiter, RateLimiterUnavailable


def rate_limit(count=10, interval=timedelta(minutes=1),
        lockout=timedelta(hours=8)):

    def decorator(fn):

        @wraps(fn)
        def wrapped(request, *args, **kwargs):

            ip = request.META.get('REMOTE_ADDR')
            try:
                rate_limiter = RateLimiter(ip, count, interval, lockout)
                if rate_limiter.is_blocked():
                    return render(request, 'antispam/blocked.html', status=403)

            except RateLimiterUnavailable:
                # just call the function and return the result
                return fn(request, *args, **kwargs)

            response = fn(request, *args, **kwargs)

            if request.method == 'POST':
                success = (response and response.has_header('location') and
                        response.status_code == 302)
                try:
                    if not success and rate_limiter.incr():
                        return render(request, 'antispam/blocked.html', status=403)

                except RateLimiterUnavailable:
                    pass

            return response

        return wrapped
    return decorator