From 180fd1c07138fa68ad16418a7c21dc24fc3d78af Mon Sep 17 00:00:00 2001
From: Daniel Dolezal
Date: Fri, 24 Oct 2025 21:59:02 +0200
Subject: [PATCH] add better rate limits

---
 routes/handeling/errorsAndBots.py | 5 +++++
 routes/side/main.py | 7 ++-----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/routes/handeling/errorsAndBots.py b/routes/handeling/errorsAndBots.py
index b6a7293..b2f3d23 100644
--- a/routes/handeling/errorsAndBots.py
+++ b/routes/handeling/errorsAndBots.py
@@ -6,6 +6,11 @@ from my_modules.functions import get_ip, enforce_custom_limit
 @app.errorhandler(401)
 async def handle_unauthorized(e):
+    try:
+        enforce_custom_limit(LIMITER, "401", limit_count=5, window_sec=1800)
+    except LookupError as e:
+        return await to_many_requests(e)
+
     await logger.error(e)
     return redirect(url_for('auth_login.login'))
diff --git a/routes/side/main.py b/routes/side/main.py
index 45573dd..968a231 100644
--- a/routes/side/main.py
+++ b/routes/side/main.py
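Review bot: `except LookupError as e:` in handle_unauthorized rebinds the handler's own argument `e`, so inside that branch the error that produced the 401 is gone and the two meanings of `e` are easy to confuse; rename the limiter exception, e.g. `except LookupError as limit_err:` / `return await to_many_requests(limit_err)`. LookupError is also the base class of KeyError and IndexError, so an incidental lookup failure inside enforce_custom_limit would be answered with a 429 instead of surfacing as a bug; if enforce_custom_limit raises a more specific type when the window is exhausted, catch that instead, otherwise a comment such as `# enforce_custom_limit raises LookupError after 5 hits within 1800 s` would pin the contract this code relies on. Whether the "401" budget is keyed per client (the imported get_ip suggests so) or shared globally cannot be seen here; a global key would let one noisy client push every other user's 401 redirect into 429, so worth confirming.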
@@ -10,35 +10,32 @@ from datetime import datetime, timezone
 side_main_bp = Blueprint('side_main', __name__)
 @side_main_bp.route('/')
-@LIMITER.limit("10 per minute")
+@LIMITER.limit("10 per minute;50 per hour")
 async def index():
     if session.get("user") is not None:
         return await render_template("views/webpage/upload.htm")
     return await render_template("views/webpage/index.htm")
 @side_main_bp.route('/files')
-@LIMITER.limit("10 per minute")
 @login_required
 async def files(user):
     files_data = await current_app.edgedb.get_files(current_datetime=datetime.now(timezone.utc), user_id=user['sub'])
     return await render_template("views/webpage/files_list.htm", files=files_data)
 @side_main_bp.route('/files//info')
-@LIMITER.limit("10 per minute")
 @login_required
 async def file_info(file_id, user):
     files_data = await current_app.edgedb.get_files(user_id=user['sub'])
     return await render_template("views/webpage/.htm", files=files_data)
 @side_main_bp.route('/files//edit')
-@LIMITER.limit("10 per minute")
 @login_required
 async def file_edit(file_id, user):
     files_data = await current_app.edgedb.get_files(user_id=user['sub'])
     return await render_template("views/webpage/.htm", files=files_data)
 @side_main_bp.route("/-")
-@LIMITER.limit("10 per minute")
+@LIMITER.limit("10 per minute;500 per hour;")
 async def serve_file(file_id: str):
     file_data = await current_app.edgedb.get_file(file_id=file_id)
     if not file_data:
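Review bot: The new limit string on serve_file, `"10 per minute;500 per hour;"`, ends with a stray `;` that leaves an empty item after the separator; limit-string parsers that split on `;` typically reject this, which would surface on the first request rather than at import, so drop it: `@LIMITER.limit("10 per minute;500 per hour")`. The removed decorators on files, file_info and file_edit leave those three DB-backed, login-required views with no per-route limit; unless LIMITER is configured with default limits (not visible here), an authenticated client can now drive get_files without throttling, so either keep a looser per-route limit on them or confirm the defaults cover them. serve_file's body continues outside the hunk.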