Added parallel limiting to creating custom domains, directories, mailboxes and subdomains (#1525)

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2024-09-20 15:05:59 +08:00 · 2023-01-11 22:08:52 +01:00 · 2023-01-11 22:08:52 +01:00 · 92de307c75
parent 38c93e7f85
commit 92de307c75
4 changed files with 8 additions and 0 deletions
--- a/app/dashboard/views/custom_domain.py
+++ b/app/dashboard/views/custom_domain.py
@ -3,6 +3,7 @@ from flask_login import login_required, current_user
 from flask_wtf import FlaskForm
 from wtforms import StringField, validators

+from app import parallel_limiter
 from app.config import EMAIL_SERVERS_WITH_PRIORITY
 from app.dashboard.base import dashboard_bp
 from app.db import Session
@ -19,6 +20,7 @@ class NewCustomDomainForm(FlaskForm):

@dashboard_bp.route("/custom_domain", methods=["GET", "POST"])
@login_required
+@parallel_limiter.lock(only_when=lambda: request.method == "POST")
 def custom_domain():
    custom_domains = CustomDomain.filter_by(
        user_id=current_user.id, is_sl_subdomain=False
--- a/app/dashboard/views/directory.py
+++ b/app/dashboard/views/directory.py
@ -9,6 +9,7 @@ from wtforms import (
    IntegerField,
 )

+from app import parallel_limiter
 from app.config import (
    EMAIL_DOMAIN,
    ALIAS_DOMAINS,
@ -45,6 +46,7 @@ class DeleteDirForm(FlaskForm):

@dashboard_bp.route("/directory", methods=["GET", "POST"])
@login_required
+@parallel_limiter.lock(only_when=lambda: request.method == "POST")
 def directory():
    dirs = (
        Directory.filter_by(user_id=current_user.id)
--- a/app/dashboard/views/mailbox.py
+++ b/app/dashboard/views/mailbox.py
@ -6,6 +6,7 @@ from itsdangerous import Signer
 from wtforms import validators
 from wtforms.fields.html5 import EmailField

+from app import parallel_limiter
 from app.config import MAILBOX_SECRET, URL, JOB_DELETE_MAILBOX
 from app.dashboard.base import dashboard_bp
 from app.db import Session
@ -29,6 +30,7 @@ class NewMailboxForm(FlaskForm):

@dashboard_bp.route("/mailbox", methods=["GET", "POST"])
@login_required
+@parallel_limiter.lock(only_when=lambda: request.method == "POST")
 def mailbox_route():
    mailboxes = (
        Mailbox.filter_by(user_id=current_user.id)
--- a/app/dashboard/views/subdomain.py
+++ b/app/dashboard/views/subdomain.py
@ -3,6 +3,7 @@ import re
 from flask import render_template, request, redirect, url_for, flash
 from flask_login import login_required, current_user

+from app import parallel_limiter
 from app.config import MAX_NB_SUBDOMAIN
 from app.dashboard.base import dashboard_bp
 from app.errors import SubdomainInTrashError
@ -15,6 +16,7 @@ _SUBDOMAIN_PATTERN = r"[0-9a-z-]{1,}"

@dashboard_bp.route("/subdomain", methods=["GET", "POST"])
@login_required
+@parallel_limiter.lock(only_when=lambda: request.method == "POST")
 def subdomain_route():
    if not current_user.subdomain_is_available():
        flash("Unknown error, redirect to the home page", "error")