
added Flask-Limiter for Rate Limiting

control 3 лет назад
Родитель
Сommit
ee15c249d4
3 измененных файлов с 15 добавлено и 3 удалено
  1. 1 1
      app/__init__.py
  2. BIN
      app/database.db
  3. 14 2
      app/logic.py

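--- a/app/__init__.py
+++ b/app/__init__.py
@@ -6,6 +6,7 @@ from os import path
 db = SQLAlchemy()
 DB_NAME = "database.db"
 
+
 def create_app():
     app = Flask(__name__)
     app.config['SECRET_KEY'] = 'Th15_iS-M1!S3cre4' # used to encrypt session cookies
@@ -38,7 +39,6 @@ def create_app():
     def load_user(id):
         return User.query.get(int(id)) # by default get() looks for the primary key
 
-
     return app
 
 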

BIN
app/database.db


+ 14 - 2
app/logic.py

@@ -2,7 +2,6 @@
 from hmac import new
 from flask import Blueprint, render_template, request, flash, redirect, url_for, make_response
 from flask_login import login_user, login_required, logout_user, current_user
-from werkzeug.security import generate_password_hash, check_password_hash
 from argon2 import PasswordHasher
 from .models import User, Message
 from . import db
@@ -14,6 +13,14 @@ from wtforms.validators import DataRequired
 
 logic = Blueprint('logic', __name__)
 
+# Route Rate Limiter
+# Application level DoS Protection
+from flask import Flask
+from flask_limiter import Limiter # HTTP Rate Limit
+from flask_limiter.util import get_remote_address
+app = Flask(__name__)
+limiter = Limiter(app, key_func=get_remote_address)
+
 # WTForm Classes
 class DescForm(FlaskForm):
     # declare form field, required input, placeholder and validate data
@@ -45,9 +52,9 @@ class RegForm(FlaskForm):
     submit = SubmitField('Register')
 
 
-
 @logic.route('/', methods=['GET', 'POST'])
 @login_required
+@limiter.limit('50 per hour')
 def profile():
 
     form_1 = DescForm()
@@ -107,6 +114,7 @@ def profile():
 
 
 @logic.route('/matchbook', methods=['GET', 'POST'])
+@limiter.limit('50 per hour')
 @login_required
 def matchbook():
     all_users = User.query.all()
@@ -129,6 +137,7 @@ def matchbook():
 
 @logic.route('/messaging', methods=['GET', 'POST'])
 @login_required
+@limiter.limit('500 per hour')
 def messaging():
     recipient_id = current_user.focus
     recipient = User.query.filter_by(id=recipient_id).first()
@@ -172,6 +181,7 @@ def messaging():
 
 
 @logic.route('/login', methods=['GET', 'POST'])
+@limiter.limit('50 per hour')
 def login():
     form = LoginForm()
     ph = PasswordHasher()
@@ -208,6 +218,7 @@ def login():
 
 @logic.route('/logout')
 @login_required
+@limiter.limit('50 per hour')
 def logout():
     logout_user()
     response = make_response(redirect(url_for('logic.login')))
@@ -219,6 +230,7 @@ def logout():
 
 # Signup Route
 @logic.route('/register', methods=['GET', 'POST'])
+@limiter.limit('50 per hour')
 def register():
     pass_list = list()