web.py
# The contents of this file are subject to the Common Public Attribution
# License Version 1.0. (the "License"); you may not use this file except in
# compliance with the License. You may obtain a copy of the License at
# http://code.reddit.com/LICENSE. The License is based on the Mozilla Public
# License Version 1.1, but Sections 14 and 15 have been added to cover use of
# software over a computer network and provide for limited attribution for the
# Original Developer. In addition, Exhibit A has been modified to be consistent
# with Exhibit B.
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for
# the specific language governing rights and limitations under the License.
#
# The Original Code is reddit.
#
# The Original Developer is the Initial Developer. The Initial Developer of
# the Original Code is reddit Inc.
#
# All portions of the code written by reddit are Copyright (c) 2006-2013 reddit
# Inc. All Rights Reserved.
###############################################################################
from pylons import g, c, request
from r2.controllers.reddit_base import RedditController, abort_with_error
from r2.lib.base import abort
from r2.lib.validator import (
validate,
VOneOf,
VPrintable,
VRatelimit,
VValidatedJSON,
)
class WebLogController(RedditController):
    """Accept error reports posted by the web frontend and write them to g.log.

    Everything logged here except the level originates from the client (the
    message, the reporting URL and the User-Agent header), so the resulting
    log lines must be treated as untrusted text by anything that later parses
    or displays them.
    """

    # Handler invoked by the validation layer when a validator rejects input.
    # NOTE(review): presumably this ends the request with an error response
    # before POST_message runs -- confirm in r2.controllers.reddit_base.
    on_validation_error = staticmethod(abort_with_error)

    @validate(
        # Per-IP rate limiting only (rate_user=False); shares its prefix with
        # the VRatelimit.ratelimit() call at the end of the handler.
        VRatelimit(rate_user=False, rate_ip=True, prefix='rate_weblog_'),
        # 'error' is the only accepted level.
        level=VOneOf('level', ('error',)),
        # 'logs' is a JSON array of objects; each field is capped at 256
        # characters and passed through VPrintable.
        logs=VValidatedJSON(
            'logs',
            VValidatedJSON.ArrayOf(
                VValidatedJSON.Object({
                    'msg': VPrintable('msg', max_length=256),
                    'url': VPrintable('url', max_length=256),
                })
            ),
        ),
    )
    def POST_message(self, level, logs):
        """Log up to three frontend error entries, then register the rate limit.

        level -- validated log level (only 'error' passes VOneOf)
        logs  -- validated list of dicts carrying 'msg' and 'url'

        Aborts with 403 when the X-Loggit request header is absent or empty.
        """
        # Basic CSRF guard: only the presence of a custom header is checked,
        # not its value. A plain cross-site form post cannot set custom
        # headers, so this blocks the simple case; it is not authentication.
        loggit_header = request.headers.get('X-Loggit')
        if not loggit_header:
            abort(403)

        # Identify the reporter by account id, or '-' for logged-out clients.
        if c.user_is_loggedin:
            reporter_id = c.user._id
        else:
            reporter_id = '-'

        # Cap the entries written per request at three; anything beyond that
        # is silently dropped.
        accepted = logs[:3]
        for entry in accepted:
            # NOTE(review): msg and url went through VPrintable above, but the
            # User-Agent is read from the request with no validator or length
            # bound visible in this file -- confirm the log sink tolerates
            # arbitrary header content.
            g.log.warning(
                '[web frontend] %s: %s | U: %s FP: %s UA: %s',
                level,
                entry['msg'],
                reporter_id,
                entry['url'],
                request.user_agent,
            )

        # Record this request against the per-IP limit (10 second window).
        # This runs after the entries have been logged.
        VRatelimit.ratelimit(
            rate_user=False,
            rate_ip=True,
            prefix="rate_weblog_",
            seconds=10,
        )