pre-checkout commit
This commit is contained in:
parent
b4110d887d
commit
ee0dd61793
|
@ -58,6 +58,7 @@ def add_vhost(domain, ip_address):
|
|||
body = {'ip_address': ip_address}
|
||||
if '/' in domain:
|
||||
raise Abort('invalid domain name')
|
||||
click.echo('Please wait, this may take a while...')
|
||||
resp = http_put('/api/cloud/vhosts/' + domain, json=body)
|
||||
handle_sync_response(resp)
|
||||
click.echo('Done.')
|
||||
|
|
|
@ -211,8 +211,19 @@ class CloudService:
|
|||
else:
|
||||
d = {}
|
||||
now = int(utils.get_current_datetime().timestamp())
|
||||
if now - d.get(username, 0) < self.vhost_rate_limit_secs:
|
||||
raise RateLimitError(f'Please wait {self.vhost_rate_limit_secs} seconds')
|
||||
if username not in d:
|
||||
return
|
||||
time_passed = now - d[username]
|
||||
if time_passed < self.vhost_rate_limit_secs:
|
||||
time_remaining = self.vhost_rate_limit_secs - time_passed
|
||||
raise RateLimitError(f'Please wait {time_remaining} seconds')
|
||||
|
||||
def _update_rate_limit_timestamp(self, username: str):
|
||||
if os.path.exists(self.vhost_rate_limit_file):
|
||||
d = json.load(open(self.vhost_rate_limit_file))
|
||||
else:
|
||||
d = {}
|
||||
now = int(utils.get_current_datetime().timestamp())
|
||||
d[username] = now
|
||||
json.dump(d, open(self.vhost_rate_limit_file, 'w'))
|
||||
|
||||
|
@ -225,7 +236,11 @@ class CloudService:
|
|||
if not self._is_valid_ip_address(ip_address):
|
||||
raise InvalidIPError()
|
||||
self._check_rate_limit(username)
|
||||
# Wait for the vhost creation to succeed before updating the timestamp;
|
||||
# we don't want to force people to wait if they had a typo in their
|
||||
# domain or something.
|
||||
self.vhost_mgr.create_vhost(username, domain, ip_address)
|
||||
self._update_rate_limit_timestamp(username)
|
||||
|
||||
def delete_vhost(self, username: str, domain: str):
|
||||
if not self._is_valid_domain(username, domain):
|
||||
|
|
|
@ -9,8 +9,8 @@ server {
|
|||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name {{ domain }};
|
||||
ssl_certificate {{ ssl_cert_path }};
|
||||
ssl_certificate_key {{ ssl_key_path }};
|
||||
|
@ -18,6 +18,7 @@ server {
|
|||
location / {
|
||||
proxy_pass http://{{ ip_address }};
|
||||
}
|
||||
include proxy_params;
|
||||
|
||||
access_log /var/log/nginx/member-{{ username }}-access.log;
|
||||
error_log /var/log/nginx/member-{{ username }}-error.log;
|
||||
|
|
|
@ -37,7 +37,10 @@ def test_cloud_vhosts(cli_setup, new_user, cfg):
|
|||
runner = CliRunner()
|
||||
with gssapi_token_ctx(uid):
|
||||
result = runner.invoke(cli, ['cloud', 'vhosts', 'add', domain1, ip1])
|
||||
expected = 'Done.\n'
|
||||
expected = (
|
||||
'Please wait, this may take a while...\n'
|
||||
'Done.\n'
|
||||
)
|
||||
assert result.exit_code == 0
|
||||
assert result.output == expected
|
||||
|
||||
|
|
|
@ -80,7 +80,7 @@ vhost_dir = /run/ceod/member-vhosts
|
|||
ssl_dir = /run/ceod/member-ssl
|
||||
default_ssl_cert = /etc/ssl/private/csclub.cloud.chain
|
||||
default_ssl_key = /etc/ssl/private/csclub.cloud.key
|
||||
rate_limit_seconds = 10
|
||||
rate_limit_seconds = 30
|
||||
max_vhosts_per_account = 10
|
||||
members_domain = csclub.cloud
|
||||
ip_range_min = 172.19.134.10
|
||||
|
|
Loading…
Reference in New Issue