api limiter & auto bp register

api/markdown.py

@@ -6,11 +6,22 @@ from contexts.RequestContext import RequestContext
 from db import get_db
 from db.models.Markdown import Markdown
 import logging
+from api import limiter
 logger = logging.getLogger(__name__)
 
 markdown_bp = Blueprint('markdown', __name__, url_prefix='/api/markdown')
 
+@markdown_bp.route('/', methods=['GET'])
+@limiter.limit('5 per minute')
+def get_markdowns():
+    with get_db() as db:
+        mds = db.query(Markdown).all()
+    return jsonify([md.to_dict() for md in mds])
+
+
+
 @markdown_bp.route('/<int:markdown_id>', methods=['GET'])
+@limiter.limit('120 per minute')
 def get_markdown(markdown_id):
     with get_db() as db:
         markdown = db.query(Markdown).get(markdown_id)
@@ -20,6 +31,7 @@ def get_markdown(markdown_id):
 
 @markdown_bp.route('/', methods=['POST'])
 @require_auth(roles=['admin', 'creator'])
+@limiter.limit('20 per minute')
 def create_markdown():
     data = request.json
     title = data.get('title')
@@ -41,6 +53,7 @@ def create_markdown():
 
 @markdown_bp.route('/<int:markdown_id>', methods=['PUT'])
 @require_auth(roles=['admin', 'creator'])
+@limiter.limit('20 per minute')
 def update_markdown(markdown_id):
     with get_db() as db:
         markdown = db.query(Markdown).get(markdown_id)
@@ -55,6 +68,7 @@ def update_markdown(markdown_id):
 
 @markdown_bp.route('/<int:markdown_id>', methods=['DELETE'])
 @require_auth(roles=['admin'])
+@limiter.limit('20 per minute')
 def delete_markdown(markdown_id):
     with get_db() as db:
         markdown = db.query(Markdown).get(markdown_id)