U >i @sdZddlZddlZddlmZddlmZddlmZddl m Z m Z m Z m Z mZddlmZddlmZdd lmZmZdd lmZdd lmZdd lmZed dZeGdddZeGdddZeee fdddZ!e"edddZ#e e"e edddZ$ddde"edddZ%ddd d d!e"ee&e&e ed"d#d$Z'ddd d d d%ee"e e"e"fe&e&e&e ed&d'd(Z(edd)d*Z)ddde*e"d+d,d-Z+dS).u Rate limiting in this implementation relies on a cache and uses non-atomic operations, making it vulnerable to race conditions. As a result, users may occasionally bypass the intended rate limit due to concurrent access. However, such race conditions are rare in practice. For example, if the limit is set to 10 requests per minute and a large number of parallel processes attempt to test that limit, you may occasionally observe slight overruns—such as 11 or 12 requests slipping through. Nevertheless, exceeding the limit by a large margin is highly unlikely due to the low probability of many processes entering the critical non-atomic code section simultaneously. N) namedtuple) dataclass) HTTPStatus)DictListOptionalTupleUnion)cache)ImproperlyConfigured) HttpRequest HttpResponse)render)TemplateDoesNotExist) RateLimitedRatezamount duration perc@s<eZdZUeed<eeefed<eed<ddddZdS)SingleRateLimitUsage cache_keycache_duration timestampNreturncs6tjg}fdd|D}tj|jdS)Ncsg|]}|jkr|qS)r).0tsselfrC/tmp/pip-unpacked-wheel-upujnpc2/allauth/core/internal/ratelimit.py (s z1SingleRateLimitUsage.rollback..)r getrsetr)rhistoryrrrrollback&szSingleRateLimitUsage.rollback) __name__ __module__ __qualname__str__annotations__r floatintr"rrrrr s rc@s(eZdZUeeed<ddddZdS)RateLimitUsageusageNrcCs|jD] }|qdS)N)r+r")rr+rrrr"0s zRateLimitUsage.rollback)r#r$r%rrr'r"rrrrr*,s  r*rcCspt|dkrt||d}|dd}ddddd}||krJtd|t|dkr\d}nt|}|||S) Nr<iiQ)smhdzInvalid duration unit: %s)len ValueErrorr()durationunitvalueZunit_maprrrparse_duration5s    r8)ratercCs`|d}t|dkr$|\}}d}n t|dkr<|\}}}nt|t|}t|}t|||S)N/ip)splitr3r4r)r8r)r9partsamountr5perZamount_vZ duration_vrrr parse_rateDs    rB)ratesrcCs>g}|r:|}|r:|d}|D]}|t|q"|S)N,)stripr>appendrB)rCretr?partrrr parse_ratesRs rI)keyuser)actionr9c Csddlm}|jdkr(d||f}nx|jdkr`|dkrP|jjsJtd|j}dt|jf}n@|jdkr|dkrztdt | d }|f}n t |jd d |f|}d |S) Nr) get_adapterr<rKz2ratelimit configured per user but used anonymouslyrJz1ratelimit configured per key but no key specifiedutf8ZallauthZrl:)Zallauth.account.adapterrMrAZ get_client_iprKis_authenticatedr r&pkhashlibsha256encode hexdigestr4join) requestrLr9rJrKrMsourceZkey_hashkeysrrr get_cache_key]s*     rZF)rJrKdry_runraise_exception)rLr9r[r\rc Cst|||||d}t|g}t} |rF|d| |jkrF|q&t||jk} | rjt|| |jd} nd} | r|s| d| t |||j| s|rt | S)NrLr9rJrKr,)rrrr) rZr rtimer5popr3r@rinsertr r) rWrLr9rJrKr[r\rr!nowallowedr+rrr_consume_single_ratexs&    rc)rJrKr[ limit_getr\)rWrLconfigr[rdr\rc Csztgd}|s|jdkr|St||} | s2|Sd} | D]2} t||| ||||d} | s`d} qn|j| q:| rv|SdS)N)r+GETT)rLr9rJrKr[r\F)r*methodrIrrcr+rF) rWrLrerJrKr[rdr\r+rCrbr9Z single_usagerrrconsumes,  rhcCsRddlm}zt|d|jtjdWStk rLd}t|dtjdYSXdS)Nr) app_settingsz429.)statusz Too Many Requests

429 Too Many Requests

You have sent too many requests. Please try again later.

z text/html)content content_typerj)Zallauth.accountrirZTEMPLATE_EXTENSIONrTOO_MANY_REQUESTSrr )rWrirkrrr handler429s rn)rerLcCs8t||}|D] }t|||||d}t|qdS)Nr])rIrrZr delete)rWrerLrJrKrCr9rrrrclearsrp),__doc__rRr^ collectionsrZ dataclassesrhttprtypingrrrrr Zdjango.core.cacher Zdjango.core.exceptionsr Z django.httpr r Zdjango.shortcutsrZdjango.template.exceptionsrZallauth.core.exceptionsrrrr*r)r(r8r&rBrIrZboolrcrhrndictrprrrrs`              #  #