[Bug 1125536] Convert all rate limiting to a standard helper.

kitsune/forums/views.py

@@ -7,7 +7,6 @@
 from django.views.decorators.http import require_POST
 
 from authority.decorators import permission_required_or_403
-from ratelimit.helpers import is_ratelimited
 from statsd import statsd
 
 from kitsune import forums as constants
@@ -20,7 +19,7 @@
 from kitsune.forums.models import Forum, Thread, Post
 from kitsune.sumo.helpers import urlparams
 from kitsune.sumo.urlresolvers import reverse
-from kitsune.sumo.utils import paginate, user_or_ip
+from kitsune.sumo.utils import paginate, is_ratelimited
 from kitsune.users.models import Setting
 
 log = logging.getLogger('k.forums')
@@ -141,11 +140,6 @@ def posts(request, forum_slug, thread_id, form=None, post_preview=None,
         'forums': Forum.objects.all()})
 
 
-def _skip_post_ratelimit(request):
-    """exclude users with the questions.bypass_ratelimit permission."""
-    return request.user.has_perm('questions.bypass_answer_ratelimit')
-
-
 @require_POST
 @login_required
 def reply(request, forum_slug, thread_id):
@@ -171,10 +165,7 @@ def reply(request, forum_slug, thread_id):
                 post_preview = reply_
                 post_preview.author_post_count = \
                     reply_.author.post_set.count()
-            elif (_skip_post_ratelimit(request) or
-                  not is_ratelimited(request, increment=True, rate='15/d',
-                                     ip=False,
-                                     keys=user_or_ip('forum-post'))):
+            elif not is_ratelimited(request, 'forum-post', '15/d'):
                 reply_.save()
                 statsd.incr('forums.reply')
 
@@ -218,9 +209,7 @@ def new_thread(request, forum_slug):
                                 content=form.cleaned_data['content'])
             post_preview.author_post_count = \
                 post_preview.author.post_set.count()
-        elif (_skip_post_ratelimit(request) or
-              not is_ratelimited(request, increment=True, rate='5/d', ip=False,
-                                 keys=user_or_ip('forum-post'))):
+        elif not is_ratelimited(request, 'forum-post', '5/d'):
             thread = forum.thread_set.create(creator=request.user,
                                              title=form.cleaned_data['title'])
             thread.save()

kitsune/journal/admin.py

@@ -0,0 +1,17 @@
+from django.contrib import admin
+
+from kitsune.journal.models import Record
+
+
+class RecordAdmin(admin.ModelAdmin):
+    list_display = (
+        'id',
+        'level',
+        'src',
+        'msg',
+        'created',
+    )
+    list_filter = ('src',)
+
+
+admin.site.register(Record, RecordAdmin)

kitsune/journal/migrations/0001_initial.py

@@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+import datetime
+from south.db import db
+from south.v2 import SchemaMigration
+from django.db import models
+
+
+class Migration(SchemaMigration):
+
+    def forwards(self, orm):
+        # Adding model 'Record'
+        db.create_table(u'journal_record', (
+            (u'id', self.gf('django.db.models.fields.AutoField')(primary_key=True)),
+            ('level', self.gf('django.db.models.fields.CharField')(max_length=20)),
+            ('src', self.gf('django.db.models.fields.CharField')(max_length=50)),
+            ('msg', self.gf('django.db.models.fields.CharField')(max_length=255)),
+            ('created', self.gf('django.db.models.fields.DateTimeField')(default=datetime.datetime.now)),
+        ))
+        db.send_create_signal(u'journal', ['Record'])
+
+
+    def backwards(self, orm):
+        # Deleting model 'Record'
+        db.delete_table(u'journal_record')
+
+
+    models = {
+        u'journal.record': {
+            'Meta': {'object_name': 'Record'},
+            'created': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'level': ('django.db.models.fields.CharField', [], {'max_length': '20'}),
+            'msg': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
+            'src': ('django.db.models.fields.CharField', [], {'max_length': '50'})
+        }
+    }
+
+    complete_apps = ['journal']

kitsune/journal/models.py

@@ -0,0 +1,45 @@
+from datetime import datetime
+
+from django.db import models
+
+
+RECORD_INFO = u'info'
+RECORD_ERROR = u'error'
+
+
+class RecordManager(models.Manager):
+    def log(self, level, src, msg, **kwargs):
+        msg = msg.format(**kwargs).encode('utf-8')
+        return Record.objects.create(level=RECORD_INFO, src=src, msg=msg)
+
+    def info(self, src, msg, **kwargs):
+        self.log(RECORD_INFO, src, msg, **kwargs)
+
+    def error(self, src, msg, **kwargs):
+        self.log(RECORD_ERROR, src, msg, **kwargs)
+
+
+class Record(models.Model):
+    """Defines an audit record for something that happened in translations"""
+
+    TYPE_CHOICES = [
+        (RECORD_INFO, RECORD_INFO),
+        (RECORD_ERROR, RECORD_ERROR),
+    ]
+
+    # The log level of this message (e.g. "info", "error", ...)
+    level = models.CharField(choices=TYPE_CHOICES, max_length=20)
+
+    # What component was running (e.g. "sumo.ratelimit", "questions.aaq")
+    src = models.CharField(max_length=50)
+
+    # The message details. (e.g. "user bob hit the ratelimit for questions.ask")
+    msg = models.CharField(max_length=255)
+
+    # When this log entry was created
+    created = models.DateTimeField(default=datetime.now)
+
+    objects = RecordManager()
+
+    def __unicode__(self):
+        return u'<Record {self.src} {self.msg}>'.format(self=self)

kitsune/kbforums/views.py

@@ -6,7 +6,6 @@
 from django.shortcuts import get_object_or_404, render
 from django.views.decorators.http import require_POST
 
-from ratelimit.helpers import is_ratelimited
 from statsd import statsd
 
 from kitsune import kbforums
@@ -19,7 +18,7 @@
 from kitsune.kbforums.models import Thread, Post
 from kitsune.lib.sumo_locales import LOCALES
 from kitsune.sumo.urlresolvers import reverse
-from kitsune.sumo.utils import paginate, get_next_url, user_or_ip
+from kitsune.sumo.utils import paginate, get_next_url, is_ratelimited
 from kitsune.users.models import Setting
 from kitsune.wiki.models import Document
 
@@ -122,10 +121,8 @@ def _is_ratelimited(request):
     They are ratelimited together with the same key.
     """
     return (
-        is_ratelimited(request, increment=True, rate='4/m', ip=False,
-                       keys=user_or_ip('kbforum-post-min')) or
-        is_ratelimited(request, increment=True, rate='50/d', ip=False,
-                       keys=user_or_ip('kbforum-post-day')))
+        is_ratelimited(request, 'kbforum-post-min', '4/m') or
+        is_ratelimited(request, 'kbforum-post-day', '50/d'))
 
 
 @login_required

kitsune/messages/views.py

@@ -9,7 +9,7 @@
 
 from mobility.decorators import mobile_template
 from multidb.pinning import mark_as_write
-from ratelimit.helpers import is_ratelimited
+from kitsune.sumo.utils import is_ratelimited
 from statsd import statsd
 from tower import ugettext as _
 
@@ -18,7 +18,7 @@
 from kitsune.messages.forms import MessageForm, ReplyForm
 from kitsune.messages.models import InboxMessage, OutboxMessage
 from kitsune.sumo.urlresolvers import reverse
-from kitsune.sumo.utils import user_or_ip, paginate
+from kitsune.sumo.utils import paginate
 
 
 @login_required
@@ -91,8 +91,7 @@ def new_message(request, template):
     form = MessageForm(request.POST or None, initial={'to': to})
 
     if (request.method == 'POST' and form.is_valid() and
-            not is_ratelimited(request, increment=True, rate='50/d', ip=False,
-                               keys=user_or_ip('private-message-day'))):
+            not is_ratelimited(request, 'primate-message-day', '50/d')):
         send_message(form.cleaned_data['to'], form.cleaned_data['message'],
                      request.user)
         if form.cleaned_data['in_reply_to']:

kitsune/questions/views.py

@@ -23,8 +23,6 @@
 import jingo
 from ordereddict import OrderedDict
 from mobility.decorators import mobile_template
-from ratelimit.decorators import ratelimit
-from ratelimit.helpers import is_ratelimited
 from session_csrf import anonymous_csrf
 from statsd import statsd
 from taggit.models import Tag
@@ -52,11 +50,10 @@
 from kitsune.search.es_utils import (ES_EXCEPTIONS, Sphilastic, F,
                                      es_query_with_analyzer)
 from kitsune.search.utils import locale_or_default, clean_excerpt
-from kitsune.sumo.decorators import ssl_required
+from kitsune.sumo.decorators import ssl_required, ratelimit
 from kitsune.sumo.helpers import urlparams
 from kitsune.sumo.urlresolvers import reverse, split_path
-from kitsune.sumo.utils import (
-    paginate, simple_paginate, build_paged_url, user_or_ip)
+from kitsune.sumo.utils import paginate, simple_paginate, build_paged_url, is_ratelimited
 from kitsune.tags.utils import add_existing_tag
 from kitsune.upload.models import ImageAttachment
 from kitsune.upload.views import upload_imageattachment
@@ -670,9 +667,7 @@ def aaq(request, product_key=None, category_key=None, showform=False,
 
     user_ct = ContentType.objects.get_for_model(request.user)
 
-    if form.is_valid() and not is_ratelimited(request, increment=True,
-                                              rate='5/d', ip=False,
-                                              keys=user_or_ip('aaq-day')):
+    if form.is_valid() and not is_ratelimited(request, 'aaq-day', '5/d'):
         question = Question(creator=request.user,
                             title=form.cleaned_data['title'],
                             content=form.cleaned_data['content'],
@@ -843,17 +838,13 @@ def _skip_answer_ratelimit(request):
 
     Also exclude users with the questions.bypass_ratelimit permission.
     """
-    return ('delete_images' in request.POST or
-            'upload_image' in request.POST or
-            request.user.has_perm('questions.bypass_answer_ratelimit'))
+    return 'delete_images' in request.POST or 'upload_image' in request.POST
 
 
 @require_POST
 @login_required
-@ratelimit(keys=user_or_ip('answer-min'), skip_if=_skip_answer_ratelimit,
-           ip=False, rate='4/m')
-@ratelimit(keys=user_or_ip('answer-day'), skip_if=_skip_answer_ratelimit,
-           ip=False, rate='100/d')
+@ratelimit('answer-min', '4/m', skip_if=_skip_answer_ratelimit)
+@ratelimit('answer-day', '100/d', skip_if=_skip_answer_ratelimit)
 def reply(request, question_id):
     """Post a new answer to a question."""
     question = get_object_or_404(Question, pk=question_id, is_spam=False)
@@ -982,7 +973,7 @@ def unsolve(request, question_id, answer_id):
 
 @require_POST
 @csrf_exempt
-@ratelimit(keys=user_or_ip('question-vote'), ip=False, rate='10/d')
+@ratelimit('question-vote', '10/d')
 def question_vote(request, question_id):
     """I have this problem too."""
     question = get_object_or_404(Question, pk=question_id, is_spam=False)
@@ -1028,7 +1019,7 @@ def question_vote(request, question_id):
 
 
 @csrf_exempt
-@ratelimit(keys=user_or_ip('answer-vote'), ip=False, rate='10/d')
+@ratelimit('answer-vote', '10/d')
 def answer_vote(request, question_id, answer_id):
     """Vote for Helpful/Not Helpful answers"""
     answer = get_object_or_404(Answer, pk=answer_id, question=question_id,

kitsune/settings.py

@@ -550,6 +550,7 @@
     'kitsune.kpi',
     'kitsune.products',
     'kitsune.notifications',
+    'kitsune.journal',
     'rest_framework',
     'statici18n',
     # 'axes',

kitsune/sumo/decorators.py

@@ -7,6 +7,8 @@
 
 from statsd import statsd
 
+from kitsune.sumo.utils import is_ratelimited
+
 
 def ssl_required(view_func):
     """A view decorator that enforces HTTPS.
@@ -111,3 +113,19 @@ def _timeit(*args, **kwargs):
         return result
 
     return _timeit
+
+
+def ratelimit(name, rate, method=['POST'], skip_if=lambda r: False):
+    """
+    Reimplement ``ratelimit.decorators.ratelimit``, using a sumo-specic ``is_ratelimited``.
+
+    This discards a lot of the flexibility of the original, and in turn is a lot simpler.
+    """
+    def _decorator(fn):
+        @wraps(fn)
+        def _wrapped(request, *args, **kwargs):
+            # Sets ``request.limited`` on ``request``.
+            is_ratelimited(request, name, rate, method, skip_if)
+            return fn(request, *args, **kwargs)
+        return _wrapped
+    return _decorator

kitsune/sumo/migrations/0002_add_bypass_proxy_permission.py

@@ -0,0 +1,67 @@
+# -*- coding: utf-8 -*-
+import datetime
+from south.db import db
+from south.v2 import DataMigration
+from django.db import models
+
+class Migration(DataMigration):
+
+    def forwards(self, orm):
+        """Add a permission (and content type if needed) for bypassing ratelimits."""
+        # First create a content type for these kind of permissions.
+        ContentType = orm['contenttypes.ContentType']
+        global_permission_ct, created = ContentType.objects.get_or_create(name='global_permission', app_label='sumo')
+
+        # Then we create a permission attached to that content type.
+        Permission = orm['auth.Permission']
+        view_perm = Permission.objects.create(
+            name='Bypass Ratelimits',
+            content_type=global_permission_ct,
+            codename='bypass_ratelimit')
+
+    def backwards(self, orm):
+        """Delete the bypass permission.  """
+        Permission = orm['auth.Permission']
+        Permission.objects.get(codename='bypass_ratelimit').delete()
+
+    models = {
+        u'auth.group': {
+            'Meta': {'object_name': 'Group'},
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
+            'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
+        },
+        u'auth.permission': {
+            'Meta': {'ordering': "(u'content_type__app_label', u'content_type__model', u'codename')", 'unique_together': "((u'content_type', u'codename'),)", 'object_name': 'Permission'},
+            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
+        },
+        u'auth.user': {
+            'Meta': {'object_name': 'User'},
+            'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
+            'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "u'user_set'", 'blank': 'True', 'to': u"orm['auth.Group']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
+            'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "u'user_set'", 'blank': 'True', 'to': u"orm['auth.Permission']"}),
+            'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
+        },
+        u'contenttypes.contenttype': {
+            'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
+            'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
+        }
+    }
+
+    complete_apps = ['auth', 'sumo']
+    symmetrical = True