commit 7f7c13581c7c8a97cb9e5fd1d083bc00a08feb5a
parent c8d93eed5d5383a1a4fa0da13ccae46c67044b76
Author: Antoine Amarilli <a3nm@a3nm.net>
Date: Fri, 1 Aug 2014 10:56:09 +0200
add naive throttling and more logging
Diffstat:
2 files changed, 29 insertions(+), 11 deletions(-)
diff --git a/plint_web.py b/plint_web.py
@@ -9,11 +9,15 @@ import diaeresis
from bottle import run, Bottle, request, static_file, redirect, response
from jinja2 import Environment, PackageLoader
from json import dumps
+import time
env = Environment(loader=PackageLoader('plint_web', 'views'))
app = Bottle()
+THROTTLE_DELAY = 2
+throttle = set()
+
def best_match(matches, header):
# inspired by http://www.xml.com/pub/a/2005/06/08/restful.html
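Review bot: `THROTTLE_DELAY = 2` and `throttle = set()` carry no comment saying what the unit is or what the set holds, and the set is mutable module-level state that a request handler later rebinds, so a reader should be told it is per-process and best-effort. Suggest `# Seconds a client IP must wait between /checkjs requests (best-effort, per process).` above the constant and `# Recent (ip, timestamp) pairs; expired entries are pruned on each request.` above the set. If the app is served by several worker processes (not visible here), each keeps its own copy of the set and the effective limit is multiplied by the worker count.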
@@ -101,8 +105,24 @@ def check(poem):
@app.route('/<lang>/checkjs', method='POST')
def q(lang):
+ global throttle
+ ip = request.environ.get('REMOTE_ADDR')
+ t = time.time()
+ print("== %s %s ==" % (ip, t))
response.content_type = 'application/json'
localization.init_locale(lang)
+ throttle = set(x for x in throttle if t - x[1] < THROTTLE_DELAY)
+ if ip in (x[0] for x in throttle):
+ if lang == 'fr':
+ msg = (("Trop de requêtes pour vérifier le poème,"
+ + " veuillez réessayer dans %d secondes") %
+ THROTTLE_DELAY)
+ else:
+ msg = (("Too many requests to check poem,"
+ + " please try again in %d seconds") %
+ THROTTLE_DELAY)
+ return dumps({'error': msg})
+ throttle.add((ip, t))
poem = request.forms.get('poem')
poem = re.sub(r'<>&', '', request.forms.get('poem'))
print(poem)
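Review bot: The throttle rejection at `return dumps({'error': msg})` goes out as an ordinary 200 response, so clients and intermediaries cannot tell it from a successful check; set `response.status = 429` and `response.set_header('Retry-After', str(THROTTLE_DELAY))` before returning. The key is `request.environ.get('REMOTE_ADDR')`, the address of the peer socket: if this app is deployed behind a reverse proxy or its users share a NAT (not visible here), all such clients share one 2-second slot, whereas trusting an `X-Forwarded-For` header instead would let a client forge its key, so whichever is chosen should be an explicit, documented deployment decision next to the lookup. The prune-then-add sequence on the module-level `throttle` set is not atomic; under a threaded WSGI server two concurrent requests can both pass the membership test and rebind the set, so the limit is best-effort only. `ip` can also be `None` when `REMOTE_ADDR` is absent, in which case all such requests are throttled as one client. The body of `q` continues past the end of the hunk.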
diff --git a/views/about.html b/views/about.html
@@ -236,15 +236,14 @@ pour les premiers phonèmes. Les derniers devraient être bons, cependant.</p>
href="https://en.wikipedia.org/wiki/Lint_(software)">lint</a>" pour les
programmes), mais aussi pour l'homophonie avec "plainte".</p>
-<h2 id="log">Est-ce que des logs sont conservés ?</h2>
+<h2 id="log">Vie privée : Est-ce que des logs sont conservés ?</h2>
<p>Oui, des logs peuvent être conservés, afin de pouvoir identifier, quand le
-programme plante, pourquoi le poème d'entrée l'a fait planter. Actuellement je
-ne conserve pas explicitement d'informations sur l'adresse IP qui a soumis le
-poème, encore que le serveur Web conserve peut-être cela... Ne soumettez pas de
-données confidentielles ou personnelles ; récupérez le <a
- href="http://gitorious.org/plint">code source</a> et faites tourner plint
-localement pour ce genre d'usages.</p>
+programme plante, pourquoi le poème d'entrée l'a fait planter. Je conserve donc
+des informations sur les requêtes entrantes (poème, adresse IP). Ausis, ne
+soumettez pas de données confidentielles ou personnelles ; récupérez le <a
+href="http://gitorious.org/plint">code source</a> et faites tourner plint
+localement pour de tels usages.</p>
{% else %}
@@ -463,12 +462,11 @@ programs), but also because "plint" in French would be read like "plainte",
meaning "complaint".</p>
-<h2 id="log">Do you keep logs?</h2>
+<h2 id="log">Privacy: Do you keep logs?</h2>
<p>Yes, I do, because whenever the program chokes on a poem I need to figure out
-what happened, and I need the input poem for that. For now I don't keep explicit
-information about which IP submitted what, although maybe the Web server is
-storing this elsewhere. Hence, if you want to run plint on confidential or
+what happened, and I need the input poem for that, so I keep a trace of incoming
+requests (poem, IP address, etc.). Hence, if you want to run plint on confidential or
personal poems, do not submit them to the online version; instead, retrieve the
<a href="http://gitorious.org/plint">source code</a> and run plint locally.</p>
{% endif %}