feat: add rate limiting to form submission

Add Flask-Limiter and cap POST submissions to 5 per minute per IP.
GET requests are not limited. Uses in-memory storage (appropriate
for single-instance kiosk deployment).
2026-03-09 20:29:17 -06:00
parent d98dd1518b
commit e0d72f8057
2 changed files with 5 additions and 1 deletions
+4 -1
@@ -1,4 +1,6 @@
from flask import Flask, render_template, request, redirect, url_for, jsonify, abort
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address
import sqlite3
import re
import logging
@@ -10,6 +12,7 @@ logger = logging.getLogger(__name__)
app = Flask(__name__)
DATABASE = os.environ.get('DATABASE_PATH', 'guestbook.db')
limiter = Limiter(get_remote_address, app=app, default_limits=[])
def load_banned_words():
banned_words = set()
@@ -72,7 +75,7 @@ with app.app_context():
init_db()
@app.route('/', methods=['GET', 'POST'])
# TODO: No rate limiting — form can be spammed. Add Flask-Limiter (e.g. @limiter.limit("10/minute")).
@limiter.limit("5 per minute", methods=["POST"])
def index():
error = None
if request.method == 'POST':
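Review bot: The key function passed to `Limiter` in the second hunk, `get_remote_address`, keys on `request.remote_addr`, so if the kiosk is ever fronted by a reverse proxy every submission shares the proxy's address and the 5-per-minute cap becomes effectively global; conversely, trusting a forwarded header without a `ProxyFix`-style middleware would let a client pick its own key. The in-memory storage the description mentions is also per-process: under a multi-worker WSGI server each worker keeps its own counter, so the effective limit scales with the worker count and resets on restart — consistent with the single-instance note, but worth recording next to the constructor, e.g. `# in-memory storage: per-process counters, reset on restart; single-instance deployment only`. A one-line comment on the `@limiter.limit("5 per minute", methods=["POST"])` decorator noting that a limited request receives a 429 response would help the next maintainer, since no handler for that status is visible in this commit. The body of `index` continues outside the hunk, and the second changed file in the diffstat is not in view.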