api limiter & auto bp register

2024-12-03 11:28:40 +00:00
parent a93bd5d870
commit e929f67f4e
6 changed files with 62 additions and 24 deletions
--- a/api/auth.py
+++ b/api/auth.py
@@ -4,6 +4,7 @@ from authlib.integrations.flask_client import OAuth
 from contexts.RequestContext import RequestContext
 import env_provider
 import logging
+from api import limiter
 logger = logging.getLogger(__name__)
 auth_bp = Blueprint('auth', __name__, url_prefix='/api')

@@ -17,11 +18,13 @@ keycloak = oauth.register(
 )

@auth_bp.route('/login', methods=['GET'])
+@limiter.limit("20 per minute")
 def login():
    redirect_uri = url_for("auth.authorize", _external=True)
    return keycloak.authorize_redirect(redirect_uri)

@auth_bp.route('/authorize', methods=['GET'])
+@limiter.limit("20 per minute")
 def authorize():
    try:
        token = keycloak.authorize_access_token()
@@ -41,6 +44,7 @@ def logout():
    return redirect(logout_url)

@auth_bp.route("/user", methods=["GET"])
+@limiter.limit("80 per minute")
 def user():
    u = session.get('user')
    if not u: