Mercurial > p > roundup > code
view website/issues/extensions/timestamp.py @ 7596:e5fa31aad344
fix: replace bad reverted code change; allow js rate headers
Last commit included an incorrect undo. I was going to move the Allow
header/output format parsing earlier in the dispatch method. But I
reverted it incorrectly and removed it instead. It has been added back
in the former location.
Header that allows javascript access to the rest rate limit header has
been moved. The rate limit headers can be accessed by client side
javascript regardless of the rate limit being exceeded.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 03 Aug 2023 18:28:19 -0400 |
| parents | 35ea9b1efc14 |
| children |
line wrap: on
line source
import time, struct, base64 from roundup.cgi.actions import RegisterAction from roundup.cgi.exceptions import * def timestamp(): return base64.encodestring(struct.pack("i", time.time())).strip() def unpack_timestamp(s): return struct.unpack("i",base64.decodestring(s))[0] class Timestamped: def check(self): try: created = unpack_timestamp(self.form['opaque'].value) except KeyError: raise FormError("somebody tampered with the form") if time.time() - created < 4: raise FormError("responding to the form too quickly") return True class TimestampedRegister(Timestamped, RegisterAction): def permission(self): self.check() RegisterAction.permission(self) def init(instance): instance.registerUtil('timestamp', timestamp) instance.registerAction('register', TimestampedRegister)