[mod] botdetection - improve ip_limit and link_token methods

- counting requests in LONG_WINDOW and BURST_WINDOW is not needed when the request is validated by the link_token method [1] - renew a ping-key on validation [2], this is needed for infinite scrolling, where no new token (CSS) is loaded. / this does not fix the BURST_MAX issue in the vanilla limiter - normalize the counter names of the ip_limit method to 'ip_limit.*' - just integrate the ip_limit method straight forward in the limiter plugin / non intermediate code --> ip_limit now returns None or a werkzeug.Response object that can be passed by the plugin to the flask application / non intermediate code that returns a tuple [1] https://github.com/searxng/searxng/pull/2357#issuecomment-1566113277 [2] https://github.com/searxng/searxng/pull/2357#discussion_r1208542206 [3] https://github.com/searxng/searxng/pull/2357#issuecomment-1566125979 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2025-07-12 15:59:21 +02:00 · 2023-05-28 18:58:31 +02:00 · 2023-05-28 18:58:31 +02:00 · b8c7c2c9aa
commit b8c7c2c9aa
parent 52f1452c09
11 changed files with 197 additions and 84 deletions
--- a/searx/botdetection/http_accept_language.py
+++ b/searx/botdetection/http_accept_language.py
@ -13,13 +13,15 @@ if the Accept-Language_ header is unset.
 """
 # pylint: disable=unused-argument

-from typing import Optional, Tuple
+from typing import Optional
 import flask
+import werkzeug

 from searx.tools import config
+from ._helpers import too_many_requests


-def filter_request(request: flask.Request, cfg: config.Config) -> Optional[Tuple[int, str]]:
+def filter_request(request: flask.Request, cfg: config.Config) -> Optional[werkzeug.Response]:
    if request.headers.get('Accept-Language', '').strip() == '':
-        return 429, "bot detected, missing HTTP header Accept-Language"
+        return too_many_requests(request, "missing HTTP header Accept-Language")
    return None