Additional query DoS mitigation
parent
36ae433c2e
commit
d0f1fe5c06
1 changed files with 6 additions and 4 deletions
8
api.py
8
api.py
|
@ -5,6 +5,7 @@ from hashlib import sha256
|
||||||
from fastapi.templating import Jinja2Templates
|
from fastapi.templating import Jinja2Templates
|
||||||
from requests import get
|
from requests import get
|
||||||
from json import loads
|
from json import loads
|
||||||
|
from re import sub
|
||||||
|
|
||||||
with open("config.json") as f:
|
with open("config.json") as f:
|
||||||
config = loads(f.read())
|
config = loads(f.read())
|
||||||
|
@ -34,6 +35,10 @@ def info():
|
||||||
def blocked(domain: str = None, reason: str = None):
|
def blocked(domain: str = None, reason: str = None):
|
||||||
if domain == None and reason == None:
|
if domain == None and reason == None:
|
||||||
raise HTTPException(status_code=400, detail="No filter specified")
|
raise HTTPException(status_code=400, detail="No filter specified")
|
||||||
|
if reason != None:
|
||||||
|
reason = sub("(%|_)", "", reason)
|
||||||
|
if len(reason) < 3:
|
||||||
|
raise HTTPException(status_code=400, detail="Keyword is shorter than three characters")
|
||||||
conn = sqlite3.connect("blocks.db")
|
conn = sqlite3.connect("blocks.db")
|
||||||
c = conn.cursor()
|
c = conn.cursor()
|
||||||
if domain != None:
|
if domain != None:
|
||||||
|
@ -41,9 +46,6 @@ def blocked(domain: str = None, reason: str = None):
|
||||||
punycode = domain.encode('idna').decode('utf-8')
|
punycode = domain.encode('idna').decode('utf-8')
|
||||||
c.execute("select blocker, blocked, block_level, reason from blocks where blocked = ? or blocked = ? or blocked = ? or blocked = ? or blocked = ? or blocked = ?",
|
c.execute("select blocker, blocked, block_level, reason from blocks where blocked = ? or blocked = ? or blocked = ? or blocked = ? or blocked = ? or blocked = ?",
|
||||||
(domain, "*." + domain, wildchar, get_hash(domain), punycode, "*." + punycode))
|
(domain, "*." + domain, wildchar, get_hash(domain), punycode, "*." + punycode))
|
||||||
else:
|
|
||||||
if len(reason) < 3:
|
|
||||||
raise HTTPException(status_code=400, detail="Keyword is shorter than three characters")
|
|
||||||
else:
|
else:
|
||||||
c.execute("select blocker, blocked, reason, block_level from blocks where reason like ? and reason != ''", ("%"+reason+"%",))
|
c.execute("select blocker, blocked, reason, block_level from blocks where reason like ? and reason != ''", ("%"+reason+"%",))
|
||||||
blocks = c.fetchall()
|
blocks = c.fetchall()
|
||||||
|
|
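Review bot: Deleting `%` and `_` with `sub("(%|_)", "", reason)` at the top of `blocked()` means a reason containing a literal underscore or percent sign can no longer be searched for. Escaping would keep the wildcard protection without losing those characters: `reason = reason.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")` together with `reason like ? escape '\\'` in the query string. The length check also now runs when `domain` is supplied, a path where the visible query does not use `reason`, so a request with a valid `domain` and a two-character `reason` gets a 400; guarding it with `if domain is None and reason is not None:` would restore the old behaviour. From the lines shown there is still no upper bound on the keyword length and `fetchall()` returns every match, so a `limit` clause on the `like` query looks like the remaining piece of the DoS mitigation. The body of `blocked()` continues past the end of the last hunk.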