MIDNIGHT/enlight-lms
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: added rate limit to all apis that can be accessed by guest

Browse Source
This commit is contained in:
Jannat Patel
2025-10-15 11:55:58 +05:30
parent bb2447e821
commit 5e6dc55c76
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
frontend/src/pages/CourseForm.vue
View File

@@ -363,7 +363,6 @@ import Link from '@/components/Controls/Link.vue'
import CourseOutline from '@/components/CourseOutline.vue'
import MultiSelect from '@/components/Controls/MultiSelect.vue'
import ColorSwatches from '@/components/Controls/ColorSwatches.vue'
import { require } from 'ace-builds'
const user = inject('$user')
const newTag = ref('')

11
lms/lms/utils.py
View File

@@ -201,6 +201,7 @@ def get_lesson_icon(body, content):
@frappe.whitelist(allow_guest=True)
@rate_limit(limit=10, seconds=60 * 60)
def get_tags(course):
tags = frappe.db.get_value("LMS Course", course, "tags")
return tags.split(",") if tags else []
@@ -245,6 +246,7 @@ def get_average_rating(course):
@frappe.whitelist(allow_guest=True)
@rate_limit(limit=10, seconds=60 * 60)
def get_reviews(course):
reviews = frappe.get_all(
"LMS Course Review",
@@ -735,6 +737,7 @@ def has_lessons(course):
@frappe.whitelist(allow_guest=True)
@rate_limit(limit=10, seconds=60 * 60)
def get_chart_data(
chart_name,
timespan="Select Date Range",
@@ -782,6 +785,7 @@ def get_chart_data(
@frappe.whitelist(allow_guest=True)
@rate_limit(limit=10, seconds=60 * 60)
def get_course_completion_data():
all_membership = frappe.db.count("LMS Enrollment")
completed = frappe.db.count("LMS Enrollment", {"progress": ["like", "%100%"]})
@@ -1098,6 +1102,7 @@ def get_course_fields():
@frappe.whitelist(allow_guest=True)
@rate_limit(limit=10, seconds=60 * 60)
def get_course_details(course):
course_details = frappe.db.get_value(
"LMS Course",
@@ -1192,6 +1197,7 @@ def get_categorized_courses(courses):
@frappe.whitelist(allow_guest=True)
@rate_limit(limit=10, seconds=60 * 60)
def get_course_outline(course, progress=False):
"""Returns the course outline."""
outline = []
@@ -1219,6 +1225,7 @@ def get_course_outline(course, progress=False):
@frappe.whitelist(allow_guest=True)
@rate_limit(limit=10, seconds=60 * 60)
def get_lesson(course, chapter, lesson):
chapter_name = frappe.db.get_value("Chapter Reference", {"parent": course, "idx": chapter}, "chapter")
lesson_name = frappe.db.get_value("Lesson Reference", {"parent": chapter_name, "idx": lesson}, "lesson")
@@ -1329,6 +1336,7 @@ def get_neighbour_lesson(course, chapter, lesson):
@frappe.whitelist(allow_guest=True)
@rate_limit(limit=10, seconds=60 * 60)
def get_batch_details(batch):
batch_students = frappe.get_all("LMS Batch Enrollment", {"batch": batch}, pluck="member")
if (
@@ -1449,6 +1457,7 @@ def get_question_details(question):
@frappe.whitelist(allow_guest=True)
@rate_limit(limit=10, seconds=60 * 60)
def get_batch_courses(batch):
courses = []
course_list = frappe.get_all("Batch Course", {"parent": batch}, ["name", "course"])
@@ -2023,6 +2032,7 @@ def enroll_in_program(program):
@frappe.whitelist(allow_guest=True)
@rate_limit(limit=10, seconds=60 * 60)
def get_batches(filters=None, start=0, order_by="start_date"):
if not filters:
filters = {}
@@ -2136,6 +2146,7 @@ def get_palette(full_name):
@frappe.whitelist(allow_guest=True)
@rate_limit(limit=10, seconds=60 * 60)
def get_related_courses(course):
related_course_details = []
related_courses = frappe.get_all("Related Courses", {"parent": course}, order_by="idx", pluck="course")