Skip to content

Commit f34b90c

Browse files
kiritofengkiritofeng
committed
Add submission rate limit to prevent abuse
1 parent 3a5419b commit f34b90c

File tree

2 files changed

+14
-6
lines changed

2 files changed

+14
-6
lines changed

dmoj/settings.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -76,6 +76,10 @@
7676
DMOJ_SUBMISSION_LIMIT = 2
7777
DMOJ_SUBMISSIONS_REJUDGE_LIMIT = 10
7878

79+
# Rate limit submissions to prevent abuse
80+
DMOJ_SUBMISSION_RATELIMIT_TIMEFRAME = datetime.timedelta(days=1)
81+
DMOJ_SUBMISSION_RATELIMIT = 500
82+
7983
# Whether to allow users to view source code: 'all' | 'all-solved' | 'only-own'
8084
DMOJ_SUBMISSION_SOURCE_VISIBILITY = 'all-solved'
8185
DMOJ_BLOG_NEW_PROBLEM_COUNT = 7

judge/views/problem.py

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -695,12 +695,16 @@ def get_success_url(self):
695695
return reverse('submission_status', args=(self.new_submission.id,))
696696

697697
def form_valid(self, form):
698-
if (
699-
not self.request.user.has_perm('judge.spam_submission') and
700-
Submission.objects.filter(user=self.request.profile, rejudged_date__isnull=True)
701-
.exclude(status__in=['D', 'IE', 'CE', 'AB']).count() >= settings.DMOJ_SUBMISSION_LIMIT
702-
):
703-
return HttpResponse(format_html('<h1>{0}</h1>', _('You submitted too many submissions.')), status=429)
698+
if not self.request.user.has_perm('judge.spam_submission'):
699+
if (
700+
Submission.objects.filter(user=self.request.profile, rejudged_date__isnull=True)
701+
.exclude(status__in=['D', 'IE', 'CE', 'AB']).count() >= settings.DMOJ_SUBMISSION_LIMIT
702+
) or (
703+
Submission.objects.filter(user=self.request.profile,
704+
date__gte=timezone.now() - settings.DMOJ_SUBMISSION_RATELIMIT_TIMEFRAME)
705+
.exclude(status__in=['IE', 'CE']).count() >= settings.DMOJ_SUBMISSION_RATELIMIT
706+
):
707+
return HttpResponse(format_html('<h1>{0}</h1>', _('You submitted too many submissions.')), status=429)
704708
if not self.object.allowed_languages.filter(id=form.cleaned_data['language'].id).exists():
705709
raise PermissionDenied()
706710
if not self.request.user.is_superuser and self.object.banned_users.filter(id=self.request.profile.id).exists():

0 commit comments

Comments
 (0)