[mod] botdetection - improve ip_limit and link_token methods

- counting requests in LONG_WINDOW and BURST_WINDOW is not needed when the
  request is validated by the link_token method [1]

- renew a ping-key on validation [2], this is needed for infinite scrolling,
  where no new token (CSS) is loaded. / this does not fix the BURST_MAX issue in
  the vanilla limiter

- normalize the counter names of the ip_limit method to 'ip_limit.*'

- just integrate the ip_limit method straight forward in the limiter plugin /
  non intermediate code --> ip_limit now returns None or a werkzeug.Response
  object that can be passed by the plugin to the flask application / non
  intermediate code that returns a tuple

[1] https://github.com/searxng/searxng/pull/2357#issuecomment-1566113277
[2] https://github.com/searxng/searxng/pull/2357#discussion_r1208542206
[3] https://github.com/searxng/searxng/pull/2357#issuecomment-1566125979

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>

1 files changed, 4 insertions, 10 deletions

diff --git a/searx/plugins/limiter.py b/searx/plugins/limiter.py
index 92b0aa2a0..7edbb1ce0 100644
--- a/searx/plugins/limiter.py
+++ b/searx/plugins/limiter.py
@@ -20,16 +20,10 @@ logger = logger.getChild('limiter')
 
 def pre_request():
     """See :ref:`flask.Flask.before_request`"""
-
-    val = limiter.filter_request(flask.request)
-    if val is not None:
-        http_status, msg = val
-        client_ip = flask.request.headers.get('X-Forwarded-For', '<unknown>')
-        logger.error("BLOCK (IP %s): %s" % (client_ip, msg))
-        return 'Too Many Requests', http_status
-
-    logger.debug("OK: %s" % dump_request(flask.request))
-    return None
+    ret_val = limiter.filter_request(flask.request)
+    if ret_val is None:
+        logger.debug("OK: %s" % dump_request(flask.request))
+    return ret_val
 
 
 def init(app: flask.Flask, settings) -> bool: