#!/usr/bin/env python3

from flask import Flask, request, Response, redirect
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address

app = Flask(__name__)
limiter = Limiter(
    app=app,
    key_func=get_remote_address,
    default_limits=["50000 per hour"],
    storage_uri="memory://",
)

flag = open("flag.txt").read()
assert '?' not in flag

@app.route('/')
@limiter.limit("5/second")
def index():
    return Response(open(__file__).read(), mimetype="text/plain")

@app.route('/flag')
@limiter.limit("5/second")
def flag_endpoint():
    offset = int(get_remote_address()[-1])
    return ''.join((c if i%5 == offset%5 else '?') for i, c in enumerate(flag))
    
if __name__ == "__main__":
    app.run('0.0.0.0', 12001)