Add rate-limiting

2025-06-19 05:55:36 -04:00 · 2022-11-20 00:05:25 -06:00 · 2022-11-20 00:05:25 -06:00 · f73e3ae9f1
commit f73e3ae9f1
parent 893a581d96
3 changed files with 27 additions and 4 deletions
--- a/client.py
+++ b/client.py
@ -60,7 +60,7 @@ class Client():
        # Connect to Discord
        self.connect()
        # Discord-related variables
-        self.currentGame = None
+        self.currentGame = {'@id': None}

    # Get from API
    def APIget(self, route:str, content:dict = {}):
@ -76,12 +76,20 @@ class Client():
        self.rpc.connect()

    def signUp(self):
-        r = self.APIpost('user/c/%s' % self.friendCode).json()
+        r = self.APIpost('user/c/%s' % self.friendCode)
+        try:
+            r = r.json()
+        except:
+            raise APIException(r.content)
        if r['Exception']:
            raise APIException(r['Exception'])

    def fetch(self):
-        r = self.APIget('user/%s' % self.friendCode).json()
+        r = self.APIget('user/%s' % self.friendCode)
+        try:
+            r = r.json()
+        except:
+            raise APIException(r.content)
        if r['Exception']:
            raise APIException(r['Exception'])
        return r
@ -109,9 +117,12 @@ class Client():
            if not game:
                raise GameMatchError('unknown game: %s' % uid)

+            print('Update', end = '')
            if self.currentGame != game:
+                print(' [%s -> %s]' % (self.currentGame['@id'], game['@id']), end = '')
                self.currentGame = game
                self.start = int(time.time())
+            print()
            self.rpc.update(
                details = game['name'],
                large_image = game['icon_url'].replace('https://kanzashi-ctr.cdn.nintendo.net/i/', host + '/cdn/i/'),
@ -122,7 +133,8 @@ class Client():
                # But that's dumb so no
            )
        else:
-            self.currentGame = None
+            print('Clear [%s -> %s]' % (self.currentGame['@id'], None))
+            self.currentGame = {'@id': None}
            self.rpc.clear()
        time.sleep(30)

--- a/requirements.txt
+++ b/requirements.txt
@ -4,3 +4,4 @@ nintendoclients>0.0.3
 xmltodict
 requests
 pypresence
+flask-limiter
--- a/server.py
+++ b/server.py
@ -1,8 +1,15 @@
 from flask import Flask, make_response
+from flask_limiter import Limiter
+from flask_limiter.util import get_remote_address
 import sqlite3, requests
 from api import *

 app = Flask(__name__)
+limiter = Limiter(app, key_func = get_remote_address)
+
+@app.errorhandler(429)
+def ratelimit_handler(e):
+    return 'You have exceeded your rate-limit'

 def accessDB():
    con = sqlite3.connect('sqlite/fcLibrary.db')
@ -11,6 +18,7 @@ def accessDB():

 # Grab presence from friendCode
@app.route('/user/<int:friendCode>/', methods=['GET'])
+@limiter.limit('3/minute')
 def userPresence(friendCode:int):
    con, cursor = accessDB()
    try:
@ -44,6 +52,7 @@ def userPresence(friendCode:int):

 # Create entry in database with friendCode
@app.route('/user/c/<int:friendCode>/', methods=['POST'])
+@limiter.limit('3/minute')
 def createUser(friendCode:int):
    con, cursor = accessDB()
    try:
@ -65,6 +74,7 @@ def createUser(friendCode:int):

 # Make Nintendo's cert a 'secure' cert
@app.route('/cdn/i/<string:file>/', methods=['GET'])
+@limiter.limit('1/minute')
 def cdnImage(file:str):
    response = make_response(requests.get('https://kanzashi-ctr.cdn.nintendo.net/i/%s' % file, verify = False).content)
    response.headers['Content-Type'] = 'image/jpeg'