Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check that an image is not too long. #1

Open
wants to merge 11 commits into
base: master
Choose a base branch
from
4 changes: 3 additions & 1 deletion danceparty/default_settings.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,5 +6,7 @@
CDN_HTTPS_HOST = None
CACHE_POLL_INTERVAL = 30
GA_ID = None
UPLOAD_RATE_PERIOD = 86400 # 1 day
UPLOAD_RATE_COUNT = 2
RG_VERIFY_ENDPOINT = None
RG_VERIFY_SECRET = None
RG_VERIFY_SECRET = None
12 changes: 11 additions & 1 deletion danceparty/main.py
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,11 @@ def create_db():
'all': {
'map': "function(doc) { emit(doc.ts, doc) }"
},
},
'upload_rate': {
'map': "function(doc) { if(doc.status != 'approved') { emit(doc.ip, [doc.ts]) } }",
'reduce': "function (key, values, rereduce) { return [].concat.apply([], values).sort().reverse().slice(0,%d); }"%(app.config['UPLOAD_RATE_COUNT']*2) #it is assumed if the majority of the uploads in the bucket are approved that they aren't spammers.
},
}
}
doc = db.get(views['_id'], {})
if doc.get('views') != views['views']:
Expand Down Expand Up @@ -275,6 +279,12 @@ def remove_dance(dance_id):

@app.route('/dance', methods=['POST'])
def upload_dance():
recent = g.db.view('danceparty/upload_rate',group=True, group_level=1, stale='update_after', key=request.remote_addr)
if recent:
now = time.time()
if app.config['UPLOAD_RATE_COUNT'] <= \
len(filter(lambda t: t>(now - app.config['UPLOAD_RATE_PERIOD']), recent.rows[0].value)):
abort(403)
if app.config['RG_VERIFY_ENDPOINT']:
user_id, user_token = request.form['user_id'], request.form['user_token']
check_token = hmac.new(app.config['RG_VERIFY_SECRET'], user_id, hashlib.sha1).hexdigest()
Expand Down