feat: enhance database reliability, add rate limiting, and improve email compatibility

2025-08-31 09:48:10 -05:00 · 2025-08-31 09:48:10 -05:00 · 96f4243713
commit 96f4243713
parent 2a2df9f6e5
4 changed files with 441 additions and 348 deletions
--- a/server.py
+++ b/server.py
@ -5,6 +5,8 @@ from threading import Thread
 import smtplib
 from email.mime.text import MIMEText
 from flask import Flask, render_template, request, jsonify, g
+from flask_limiter import Limiter
+from flask_limiter.util import get_remote_address
 from dotenv import load_dotenv
 from database import init_db, get_connection, return_connection, add_email, remove_email

@ -17,8 +19,19 @@ SMTP_PASSWORD = os.getenv('SMTP_PASSWORD')

 app = Flask(__name__)

+# Rate limiting setup
+limiter = Limiter(
+    key_func=get_remote_address,
+    app=app,
+    default_limits=["1000 per hour", "100 per minute"],
+    storage_uri="memory://"
+)
+
 # Configure logging
-logging.basicConfig(level=logging.INFO)
+logging.basicConfig(
+    level=logging.INFO,
+    format='%(asctime)s %(levelname)s [%(name)s] %(message)s'
+)

 # Cache configuration
 _newsletter_cache = {}
@ -132,24 +145,20 @@ def after_request(response):
    
    return response

-def send_confirmation_email(to_address: str, unsubscribe_link: str):
+def send_confirmation_email(to_address: str, html_body: str):
    """
    Sends the HTML confirmation email to `to_address`.
-    This runs inside its own SMTP_SSL connection with reduced timeout.
+    html_body is pre-rendered to avoid Flask context issues.
    """
    try:
        subject = "Thanks for subscribing!"
-        html_body = render_template(
-            "confirmation_email.html",
-            unsubscribe_link=unsubscribe_link
-        )

        msg = MIMEText(html_body, "html", "utf-8")
        msg["Subject"] = subject
        msg["From"] = SMTP_USER
        msg["To"] = to_address

-        with smtplib.SMTP_SSL(SMTP_SERVER, SMTP_PORT, timeout=5) as server:
+        with smtplib.SMTP_SSL(SMTP_SERVER, SMTP_PORT, timeout=10) as server:
            server.login(SMTP_USER, SMTP_PASSWORD)
            server.sendmail(SMTP_USER, [to_address], msg.as_string())
            
@ -158,11 +167,11 @@ def send_confirmation_email(to_address: str, unsubscribe_link: str):
    except Exception as e:
        app.logger.error(f"Failed to send email to {to_address}: {e}")

-def send_confirmation_async(email, unsubscribe_link):
+def send_confirmation_async(email, html_body):
    """
    Wrapper for threading.Thread target.
    """
-    send_confirmation_email(email, unsubscribe_link)
+    send_confirmation_email(email, html_body)

@app.route("/", methods=["GET"])
 def index():
@ -170,6 +179,7 @@ def index():
    return render_template("index.html")

@app.route("/subscribe", methods=["POST"])
+@limiter.limit("5 per minute")  # Strict rate limit for subscriptions
 def subscribe():
    """Subscribe endpoint with optimized database handling"""
    data = request.get_json() or {}
@ -184,12 +194,17 @@ def subscribe():
    
    try:
        if add_email(email):
+            # Render the template in the main thread (with Flask context)
            unsubscribe_link = f"{request.url_root}unsubscribe?email={email}"
+            html_body = render_template(
+                "confirmation_email.html",
+                unsubscribe_link=unsubscribe_link
+            )

-            # Start email sending in background thread
+            # Start email sending in background thread with pre-rendered HTML
            Thread(
                target=send_confirmation_async,
-                args=(email, unsubscribe_link),
+                args=(email, html_body),
                daemon=True
            ).start()

@ -202,6 +217,7 @@ def subscribe():
        return jsonify(error="Internal server error"), 500

@app.route("/unsubscribe", methods=["GET"])
+@limiter.limit("10 per minute")
 def unsubscribe():
    """Unsubscribe endpoint with optimized database handling"""
    email = request.args.get("email")
@ -220,6 +236,7 @@ def unsubscribe():
        return "Internal server error", 500

@app.route("/newsletters", methods=["GET"])
+@limiter.limit("30 per minute")
 def newsletters():
    """
    List all newsletters (newest first) with caching for better performance.
@ -232,6 +249,7 @@ def newsletters():
        return "Internal server error", 500

@app.route("/newsletter/<int:newsletter_id>", methods=["GET"])
+@limiter.limit("60 per minute")
 def newsletter_detail(newsletter_id):
    """
    Show a single newsletter by its ID with caching.
@ -248,6 +266,7 @@ def newsletter_detail(newsletter_id):
        return "Internal server error", 500

@app.route("/admin/clear-cache", methods=["POST"])
+@limiter.limit("5 per minute")
 def clear_cache():
    """Admin endpoint to clear newsletter cache"""
    try:
@ -258,10 +277,16 @@ def clear_cache():
        return jsonify(error="Failed to clear cache"), 500

@app.route("/health", methods=["GET"])
+@limiter.limit("120 per minute")
 def health_check():
    """Health check endpoint for monitoring"""
    return jsonify(status="healthy", timestamp=time.time()), 200

+# Rate limit error handler
+@app.errorhandler(429)
+def ratelimit_handler(e):
+    return jsonify(error="Rate limit exceeded. Please try again later."), 429
+
 # Error handlers
@app.errorhandler(404)
 def not_found(error):
@ -280,4 +305,4 @@ except Exception as e:
    raise

 if __name__ == "__main__":
-    app.run(host="0.0.0.0", debug=True)
+    app.run(host="0.0.0.0", debug=True)