Bugfix ratelimiter kobo

cps/kobo_auth.py

@@ -64,11 +64,12 @@ from datetime import datetime
 from os import urandom
 from functools import wraps
 
-from flask import g, Blueprint, url_for, abort, request
+from flask import g, Blueprint, abort, request
 from flask_login import login_user, current_user, login_required
 from flask_babel import gettext as _
+from flask_limiter import RateLimitExceeded
 
-from . import logger, config, calibre_db, db, helper, ub, lm
+from . import logger, config, calibre_db, db, helper, ub, lm, limiter
 from .render_template import render_title_template
 
 log = logger.create()
@@ -151,6 +152,10 @@ def requires_kobo_auth(f):
     def inner(*args, **kwargs):
         auth_token = get_auth_token()
         if auth_token is not None:
+            try:
+                limiter.check()
+            except RateLimitExceeded:
+                return abort(429)
             user = (
                 ub.session.query(ub.User)
                 .join(ub.RemoteAuthToken)

cps/main.py

@@ -44,6 +44,7 @@ def main():
     try:
         from .kobo import kobo, get_kobo_activated
         from .kobo_auth import kobo_auth
+        from flask_limiter.util import get_remote_address
         kobo_available = get_kobo_activated()
     except (ImportError, AttributeError):  # Catch also error for not installed flask-WTF (missing csrf decorator)
         kobo_available = False
@@ -73,6 +74,7 @@ def main():
     if kobo_available:
         app.register_blueprint(kobo)
         app.register_blueprint(kobo_auth)
+        limiter.limit("10/minute", key_func=get_remote_address)(kobo)
     if oauth_available:
         app.register_blueprint(oauth)
     success = web_server.start()

cps/opds.py

@@ -483,7 +483,7 @@ def check_auth(username, password):
     try:
         limiter.check()
     except RateLimitExceeded:
-        return False
+        return abort(429) # False
     try:
         username = username.encode('windows-1252')
     except UnicodeEncodeError: