feat: add rate limiting to form submission

Add Flask-Limiter and cap POST submissions to 5 per minute per IP.
GET requests are not limited. Uses in-memory storage (appropriate
for single-instance kiosk deployment).
2026-03-09 20:29:17 -06:00
parent d98dd1518b
commit e0d72f8057
2 changed files with 5 additions and 1 deletions
+4 -1
@@ -1,4 +1,6 @@
from flask import Flask, render_template, request, redirect, url_for, jsonify, abort from flask import Flask, render_template, request, redirect, url_for, jsonify, abort
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address
import sqlite3 import sqlite3
import re import re
import logging import logging
@@ -10,6 +12,7 @@ logger = logging.getLogger(__name__)
app = Flask(__name__) app = Flask(__name__)
DATABASE = os.environ.get('DATABASE_PATH', 'guestbook.db') DATABASE = os.environ.get('DATABASE_PATH', 'guestbook.db')
limiter = Limiter(get_remote_address, app=app, default_limits=[])
def load_banned_words(): def load_banned_words():
banned_words = set() banned_words = set()
@@ -72,7 +75,7 @@ with app.app_context():
init_db() init_db()
@app.route('/', methods=['GET', 'POST']) @app.route('/', methods=['GET', 'POST'])
# TODO: No rate limiting — form can be spammed. Add Flask-Limiter (e.g. @limiter.limit("10/minute")). @limiter.limit("5 per minute", methods=["POST"])
def index(): def index():
error = None error = None
if request.method == 'POST': if request.method == 'POST':
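Review bot: The decorator on line 29 keys the limit on `get_remote_address`, i.e. `request.remote_addr`, so if this gunicorn app runs behind a reverse proxy every visitor shares the proxy's address and the 5/minute cap becomes one global cap for all clients rather than a per-IP one. Whether a proxy is in front is not visible here; if there is one, the app should be wrapped with `werkzeug.middleware.proxy_fix.ProxyFix` configured for the exact number of trusted hops (trusting forwarded headers without that bound lets a client choose its own rate-limit key) before `Limiter` is constructed on line 23. The in-memory store on line 23 is also per process: with more than one gunicorn worker each worker keeps its own counter, so the effective limit is 5 × workers per minute and all counters reset on restart. Passing `storage_uri="memory://"` explicitly documents that choice and should also silence Flask-Limiter's startup warning about unspecified storage; a comment such as `# in-memory, per-process counters: assumes a single gunicorn worker (kiosk)` next to the `Limiter(...)` call would record the assumption stated in the commit message. `index()` continues outside the hunk.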
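--- a/REQUIREMENTS_FILE_PATH_NOT_SHOWN_ON_PAGE
+++ b/REQUIREMENTS_FILE_PATH_NOT_SHOWN_ON_PAGE
@@ -1,3 +1,4 @@
 Flask>=3.1.3
 Werkzeug>=3.0.6
+Flask-Limiter>=3.0
 gunicorn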