plint

French poetry validator (local mirror of https://gitlab.com/a3nm/plint)
git clone https://a3nm.net/git/plint/

commit 7f7c13581c7c8a97cb9e5fd1d083bc00a08feb5a
parent c8d93eed5d5383a1a4fa0da13ccae46c67044b76
Author: Antoine Amarilli <a3nm@a3nm.net>
Date:   Fri,  1 Aug 2014 10:56:09 +0200

add naive throttling and more logging

Diffstat:
plint_web.py | 20++++++++++++++++++++
views/about.html | 20+++++++++-----------
2 files changed, 29 insertions(+), 11 deletions(-)

diff --git a/plint_web.py b/plint_web.py @@ -9,11 +9,15 @@ import diaeresis from bottle import run, Bottle, request, static_file, redirect, response from jinja2 import Environment, PackageLoader from json import dumps +import time env = Environment(loader=PackageLoader('plint_web', 'views')) app = Bottle() +THROTTLE_DELAY = 2 +throttle = set() + def best_match(matches, header): # inspired by http://www.xml.com/pub/a/2005/06/08/restful.html @@ -101,8 +105,24 @@ def check(poem): @app.route('/<lang>/checkjs', method='POST') def q(lang): + global throttle + ip = request.environ.get('REMOTE_ADDR') + t = time.time() + print("== %s %s ==" % (ip, t)) response.content_type = 'application/json' localization.init_locale(lang) + throttle = set(x for x in throttle if t - x[1] < THROTTLE_DELAY) + if ip in (x[0] for x in throttle): + if lang == 'fr': + msg = (("Trop de requêtes pour vérifier le poème," + + " veuillez réessayer dans %d secondes") % + THROTTLE_DELAY) + else: + msg = (("Too many requests to check poem," + + " please try again in %d seconds") % + THROTTLE_DELAY) + return dumps({'error': msg}) + throttle.add((ip, t)) poem = request.forms.get('poem') poem = re.sub(r'<>&', '', request.forms.get('poem')) print(poem) diff --git a/views/about.html b/views/about.html 
@@ -236,15 +236,14 @@ pour les premiers phonèmes. Les derniers devraient être bons, cependant.</p> href="https://en.wikipedia.org/wiki/Lint_(software)">lint</a>" pour les programmes), mais aussi pour l'homophonie avec "plainte".</p> -<h2 id="log">Est-ce que des logs sont conservés&nbsp;?</h2> +<h2 id="log">Vie privée&nbsp;: Est-ce que des logs sont conservés&nbsp;?</h2> <p>Oui, des logs peuvent être conservés, afin de pouvoir identifier, quand le -programme plante, pourquoi le poème d'entrée l'a fait planter. Actuellement je -ne conserve pas explicitement d'informations sur l'adresse IP qui a soumis le -poème, encore que le serveur Web conserve peut-être cela... Ne soumettez pas de -données confidentielles ou personnelles ; récupérez le <a - href="http://gitorious.org/plint">code source</a> et faites tourner plint -localement pour ce genre d'usages.</p> +programme plante, pourquoi le poème d'entrée l'a fait planter. Je conserve donc +des informations sur les requêtes entrantes (poème, adresse IP). Ausis, ne +soumettez pas de données confidentielles ou personnelles ; récupérez le <a +href="http://gitorious.org/plint">code source</a> et faites tourner plint +localement pour de tels usages.</p> {% else %} 
@@ -463,12 +462,11 @@ programs), but also because "plint" in French would be read like "plainte", meaning "complaint".</p> -<h2 id="log">Do you keep logs?</h2> +<h2 id="log">Privacy: Do you keep logs?</h2> <p>Yes, I do, because whenever the program chokes on a poem I need to figure out -what happened, and I need the input poem for that. For now I don't keep explicit -information about which IP submitted what, although maybe the Web server is -storing this elsewhere. Hence, if you want to run plint on confidential or +what happened, and I need the input poem for that, so I keep a trace of incoming +requests (poem, IP address, etc.). Hence, if you want to run plint on confidential or personal poems, do not submit them to the online version; instead, retrieve the <a href="http://gitorious.org/plint">source code</a> and run plint locally.</p> {% endif %}
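Review bot: in the first plint_web.py hunk, `throttle = set()` is module-level, in-process state that `q()` later rebinds through `global throttle` without any lock. If the app is ever served by several worker processes, each one keeps its own set, so a client gets one request per worker per window; under a threaded server two requests can interleave between the rebuild of the set and the `add`. A comment next to `THROTTLE_DELAY` stating the single-process assumption, or a `threading.Lock` around the check-and-add, would make clear what the limit actually guarantees. The unit of `THROTTLE_DELAY = 2` (seconds) is only discoverable from the error message and deserves a comment too.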
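Review bot: in `q()` (second plint_web.py hunk) the limiter is keyed on `request.environ.get('REMOTE_ADDR')`, which is the address of the directly connected peer. If plint is deployed behind a reverse proxy, every visitor shares that one address and a single check locks everyone out for THROTTLE_DELAY seconds; if the key is absent, `ip` is None and all such requests fall into one bucket. Document the expected deployment, or derive the client address from a header that only a trusted proxy can set. The throttled branch also returns the error with the default 200 status; setting `response.status = 429` before `return dumps({'error': msg})` would let clients and access logs tell a rejected request from a checked one.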
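Review bot: typo in the added French paragraph of views/about.html (hunk at -236,15): "Ausis, ne soumettez pas" should read "Aussi, ne soumettez pas". The French text lists "(poème, adresse IP)" while the English hunk says "(poem, IP address, etc.)"; the two versions of a privacy statement should list the same items.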
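Review bot: in the English paragraph of views/about.html (hunk at -463,12), "etc." leaves open what else is recorded, which is weak wording for a section now titled "Privacy". The code in this same commit prints the IP address, a timestamp and the poem, so the sentence can name exactly those three. Neither version says how long the trace is kept; one sentence on retention would complete the disclosure.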