Add ratelimit to package reviews

app/blueprints/packages/reviews.py

@@ -54,6 +54,10 @@ def review(package):
 		flash(gettext("You can't review your own package!"), "danger")
 		return redirect(package.getURL("packages.view"))
 
+	if not current_user.canReviewRL():
+		flash(gettext("You've reviewed too many packages recently. Please wait before trying again, and consider making your reviews more detailed"), "danger")
+		return redirect(package.getURL("packages.view"))
+
 	review = PackageReview.query.filter_by(package=package, author=current_user).first()
 
 	form = ReviewForm(formdata=request.form, obj=review)

app/models/users.py

@@ -270,6 +270,25 @@ class User(db.Model, UserMixin):
 		return Thread.query.filter_by(author=self) \
 			.filter(Thread.created_at > hour_ago).count() < 2 * factor
 
+	def canReviewRL(self):
+		from app.models import PackageReview
+
+		factor = 1
+		if self.rank.atLeast(UserRank.ADMIN):
+			return True
+		elif self.rank.atLeast(UserRank.TRUSTED_MEMBER):
+			factor *= 5
+
+		five_mins_ago = datetime.datetime.utcnow() - datetime.timedelta(minutes=5)
+		if PackageReview.query.filter_by(author=self) \
+				.filter(PackageReview.created_at > five_mins_ago).count() >= 4 * factor:
+			return False
+
+		hour_ago = datetime.datetime.utcnow() - datetime.timedelta(hours=1)
+		return PackageReview.query.filter_by(author=self) \
+			.filter(PackageReview.created_at > hour_ago).count() < 30 * factor
+
+
 	def __eq__(self, other):
 		if other is None:
 			return False