pre-checkout commit

This commit is contained in:
Max Erenberg 2021-12-11 13:47:34 -05:00
parent b4110d887d
commit ee0dd61793
5 changed files with 26 additions and 6 deletions

View File

@ -58,6 +58,7 @@ def add_vhost(domain, ip_address):
body = {'ip_address': ip_address}
if '/' in domain:
raise Abort('invalid domain name')
click.echo('Please wait, this may take a while...')
resp = http_put('/api/cloud/vhosts/' + domain, json=body)
handle_sync_response(resp)
click.echo('Done.')

View File

@ -211,8 +211,19 @@ class CloudService:
else:
d = {}
now = int(utils.get_current_datetime().timestamp())
if now - d.get(username, 0) < self.vhost_rate_limit_secs:
raise RateLimitError(f'Please wait {self.vhost_rate_limit_secs} seconds')
if username not in d:
return
time_passed = now - d[username]
if time_passed < self.vhost_rate_limit_secs:
time_remaining = self.vhost_rate_limit_secs - time_passed
raise RateLimitError(f'Please wait {time_remaining} seconds')
def _update_rate_limit_timestamp(self, username: str):
if os.path.exists(self.vhost_rate_limit_file):
d = json.load(open(self.vhost_rate_limit_file))
else:
d = {}
now = int(utils.get_current_datetime().timestamp())
d[username] = now
json.dump(d, open(self.vhost_rate_limit_file, 'w'))
@ -225,7 +236,11 @@ class CloudService:
if not self._is_valid_ip_address(ip_address):
raise InvalidIPError()
self._check_rate_limit(username)
# Wait for the vhost creation to succeed before updating the timestamp;
# we don't want to force people to wait if they had a typo in their
# domain or something.
self.vhost_mgr.create_vhost(username, domain, ip_address)
self._update_rate_limit_timestamp(username)
def delete_vhost(self, username: str, domain: str):
if not self._is_valid_domain(username, domain):

View File

@ -9,8 +9,8 @@ server {
}
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ domain }};
ssl_certificate {{ ssl_cert_path }};
ssl_certificate_key {{ ssl_key_path }};
@ -18,6 +18,7 @@ server {
location / {
proxy_pass http://{{ ip_address }};
}
include proxy_params;
access_log /var/log/nginx/member-{{ username }}-access.log;
error_log /var/log/nginx/member-{{ username }}-error.log;

View File

@ -37,7 +37,10 @@ def test_cloud_vhosts(cli_setup, new_user, cfg):
runner = CliRunner()
with gssapi_token_ctx(uid):
result = runner.invoke(cli, ['cloud', 'vhosts', 'add', domain1, ip1])
expected = 'Done.\n'
expected = (
'Please wait, this may take a while...\n'
'Done.\n'
)
assert result.exit_code == 0
assert result.output == expected

View File

@ -80,7 +80,7 @@ vhost_dir = /run/ceod/member-vhosts
ssl_dir = /run/ceod/member-ssl
default_ssl_cert = /etc/ssl/private/csclub.cloud.chain
default_ssl_key = /etc/ssl/private/csclub.cloud.key
rate_limit_seconds = 10
rate_limit_seconds = 30
max_vhosts_per_account = 10
members_domain = csclub.cloud
ip_range_min = 172.19.134.10