Additional query DoS mitigation

Mint 2022-11-29 22:36:46 +03:00
parent 36ae433c2e
commit d0f1fe5c06

10
api.py

@ -5,6 +5,7 @@ from hashlib import sha256
from fastapi.templating import Jinja2Templates from fastapi.templating import Jinja2Templates
from requests import get from requests import get
from json import loads from json import loads
from re import sub
with open("config.json") as f: with open("config.json") as f:
config = loads(f.read()) config = loads(f.read())
@ -34,6 +35,10 @@ def info():
def blocked(domain: str = None, reason: str = None): def blocked(domain: str = None, reason: str = None):
if domain == None and reason == None: if domain == None and reason == None:
raise HTTPException(status_code=400, detail="No filter specified") raise HTTPException(status_code=400, detail="No filter specified")
if reason != None:
reason = sub("(%|_)", "", reason)
if len(reason) < 3:
raise HTTPException(status_code=400, detail="Keyword is shorter than three characters")
conn = sqlite3.connect("blocks.db") conn = sqlite3.connect("blocks.db")
c = conn.cursor() c = conn.cursor()
if domain != None: if domain != None:
@ -42,10 +47,7 @@ def blocked(domain: str = None, reason: str = None):
c.execute("select blocker, blocked, block_level, reason from blocks where blocked = ? or blocked = ? or blocked = ? or blocked = ? or blocked = ? or blocked = ?", c.execute("select blocker, blocked, block_level, reason from blocks where blocked = ? or blocked = ? or blocked = ? or blocked = ? or blocked = ? or blocked = ?",
(domain, "*." + domain, wildchar, get_hash(domain), punycode, "*." + punycode)) (domain, "*." + domain, wildchar, get_hash(domain), punycode, "*." + punycode))
else: else:
if len(reason) < 3: c.execute("select blocker, blocked, reason, block_level from blocks where reason like ? and reason != ''", ("%"+reason+"%",))
raise HTTPException(status_code=400, detail="Keyword is shorter than three characters")
else:
c.execute("select blocker, blocked, reason, block_level from blocks where reason like ? and reason != ''", ("%"+reason+"%",))
blocks = c.fetchall() blocks = c.fetchall()
conn.close() conn.close()
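Review bot: The new keyword check in `blocked()` bounds the pattern only from below, so the `reason like ?` query still accepts an arbitrarily long keyword or a very common three-character one, and `c.fetchall()` then materialises every matching row; with the leading `%` the scan presumably cannot use an index either. Consider capping the length too, e.g. `if not 3 <= len(reason) <= MAX_REASON_LEN:` (a constant you would add), and bounding the result set with a `limit ?` on the select. The check now also runs before the `if domain != None:` branch, so a request with a valid `domain` plus a short `reason` gets a 400 although `reason` appears unused on that path; `if domain == None and reason != None:` would keep the previous behaviour. Stripping `%` and `_` silently changes what is searched, whereas escaping them and adding an `escape` clause to the LIKE would preserve literal matches. The body of `blocked()` starts and continues outside the visible hunks, so the points about the domain branch and result handling should be confirmed against the full function.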