Python TwilioAPI安全
我用python实现了twilio:
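# Application wiring: Flask app, CORS, configuration, Twilio client and rate limiter.
app = Flask(__name__)

# CORS(app) with no further arguments accepts cross-origin requests from any origin.
# NOTE(review): these endpoints trigger paid SMS/voice traffic, so restrict this to the
# front-end origins that need it (flask-cors accepts an `origins` argument).
CORS(app)

app.config.from_object('app_config')

# Take the session-signing key from configuration rather than a literal in source.
# The listing assigned '' here, which overwrote any SECRET_KEY loaded from app_config;
# Flask treats an empty key as "no key set". The '' fallback keeps the previous value
# when app_config defines no SECRET_KEY.
app.secret_key = app.config.get('SECRET_KEY') or ''

# `sid` and `token` are defined outside this listing.
# NOTE(review): presumably the Twilio account SID and auth token; confirm they come
# from the environment or a secret store and are not committed with the code.
client = Client(sid, token)

# Every limit is counted per key, and the key here is the client IP address.
# An IP-keyed counter cannot bound a caller who changes address between requests: each
# new address starts a fresh bucket. To cap one user, key the limit on something tied
# to the request's subject, such as the identity established by `requires_auth` or the
# destination phone number (the `limiter.limit` decorator accepts a per-route
# `key_func`). Twilio Verify also offers service-side rate limits.
# NOTE(review): behind a reverse proxy the address seen here may be the proxy's own;
# confirm how the deployment forwards the client address.
limiter = Limiter(
    app,
    key_func=get_remote_address,
    default_limits=["5 per day", "1 per second"],
)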
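@app.route("/start", methods=["POST"])
@limiter.limit("3 per day")
@requires_auth
def start():
    """Start a Twilio Verify verification for the phone number in the request.

    Request values:
        c: country code; "+" is prepended and ``n`` appended to form the destination.
        n: phone number without the country code.
        v: delivery channel, passed to Twilio as ``channel``.

    Returns:
        A JSON body with ``success`` and ``message``.
    """
    # Indexing (rather than .get) is kept: a request with no Agent header raises here
    # instead of reaching the check.
    agent = request.headers['Agent']
    # NOTE(review): request headers are chosen by the caller, so this check cannot
    # identify a device or a user; treat it as a filter, not as authentication.
    # agent_check is defined outside this listing; the explicit comparison is kept so
    # that any return value other than False is treated exactly as before.
    if agent_check(agent) == False:  # noqa: E712
        return jsonify(success=False, message="Hey!Why are you here.")

    country_code = request.values.get("c")
    phone_number = request.values.get("n")
    chan = request.values.get("v")

    # Logged before validation so every request that passed the agent check is still
    # recorded, as in the original flow.
    keep_log()

    # Reject incomplete requests up front instead of sending "+NoneNone" to Twilio.
    # Same response as check() uses for missing parameters.
    if not country_code or not phone_number or not chan:
        return jsonify(success=False, message="Wrong parameters")

    full_phone = "+{}{}".format(country_code, phone_number)
    service_sid = app.config['VERIFY_SERVICE_SID']
    try:
        verification = (
            client.verify
            .services(service_sid)
            .verifications
            .create(to=full_phone, channel=chan)
        )
        return jsonify(
            success=True,
            message="Verification sent to {}".format(verification.to),
        )
    except Exception:
        # Keep the detail server-side: the exception text can carry provider and
        # configuration details that the caller has no need to see.
        app.logger.exception("Error sending verification")
        return jsonify(success=False, message="Error sending verification.")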
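@app.route("/check", methods=["POST"])
@limiter.limit("3 per day")
@requires_auth
def check():
    """Check a verification code for the phone number in the request.

    Request values:
        c: country code; "+" is prepended and ``n`` appended to form the destination.
        n: phone number without the country code.
        vc: the verification code, passed to Twilio as ``code``.

    Returns:
        A JSON body with ``success`` and ``message``; ``success`` is True only when
        Twilio reports the status ``"approved"``.
    """
    # Indexing (rather than .get) is kept: a request with no Agent header raises here
    # instead of reaching the check.
    agent = request.headers['Agent']
    # NOTE(review): request headers are chosen by the caller, so this check cannot
    # identify a device or a user; treat it as a filter, not as authentication.
    # agent_check is defined outside this listing; the explicit comparison is kept so
    # that any return value other than False is treated exactly as before.
    if agent_check(agent) == False:  # noqa: E712
        return jsonify(success=False, message="Hey!Why are you here.")

    country_code = request.values.get("c")
    phone_number = request.values.get("n")
    code = request.values.get("vc")

    # The original required "v", which this endpoint never reads, and did not require
    # "vc", which it does; a missing code was therefore sent to Twilio as None.
    if not country_code or not phone_number or not code:
        return jsonify(success=False, message="Wrong parameters")

    full_phone = "+{}{}".format(country_code, phone_number)
    service_sid = app.config['VERIFY_SERVICE_SID']
    keep_log()
    try:
        result = (
            client.verify
            .services(service_sid)
            .verification_checks
            .create(to=full_phone, code=code)
        )
        if result.status == "approved":
            return jsonify(success=True, message="Valid token.")
        return jsonify(success=False, message="Invalid token.")
    except Exception:
        # Keep the detail server-side: the exception text can carry provider and
        # configuration details that the caller has no need to see.
        app.logger.exception("Error checking verification")
        return jsonify(success=False, message="Error checking verification.")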
呼叫和短信工作正常。我还使用flask速率限制器限制api调用,并配合fail2ban,每天最多允许3次调用。但黑客在达到限制后会换用不同的ip(设备相同)继续调用此api。我该如何真正限制单个用户的api调用?