Add rate-limiting to new password change endpoint

KernelDeimos 2024-05-11 02:28:18 -04:00 committed by KernelDeimos
parent 9076fddc0d
commit 1493cacb69


@ -1,5 +1,6 @@
const { Context } = require("../../util/context"); const { Context } = require("../../util/context");
const { asyncSafeSetInterval } = require("../../util/promise"); const { asyncSafeSetInterval } = require("../../util/promise");
const { quot } = require("../../util/strutil");
const { MINUTE, HOUR } = require('../../util/time.js'); const { MINUTE, HOUR } = require('../../util/time.js');
const BaseService = require("../BaseService"); const BaseService = require("../BaseService");
@ -55,6 +56,10 @@ class EdgeRateLimitService extends BaseService {
limit: 10, limit: 10,
window: HOUR, window: HOUR,
}, },
['/user-protected/change-password']: {
limit: 10,
window: HOUR,
},
['login-otp']: { ['login-otp']: {
limit: 15, limit: 15,
window: 30 * MINUTE, window: 30 * MINUTE,
@ -77,6 +82,9 @@ class EdgeRateLimitService extends BaseService {
} }
check (scope) { check (scope) {
if ( ! this.scopes.hasOwnProperty(scope) ) {
throw new Error(`unrecognized rate-limit scope: ${quot(scope)}`)
}
const { window, limit } = this.scopes[scope]; const { window, limit } = this.scopes[scope];
const requester = Context.get('requester'); const requester = Context.get('requester');
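Review bot: The new `['/user-protected/change-password']` scope is counted per requester (`check` reads `Context.get('requester')`), so `limit: 10` per `HOUR` bounds one client but, as far as these hunks show, not the total number of attempts made against a single account, which matters if the endpoint verifies the current password. How the requester key is derived is outside the hunk; if it comes from the network address rather than the authenticated user, consider also counting this scope per user id and recording that next to the entry, e.g. `// counted per requester; bounds attempts per client, not per account`. Separately, the fail-closed guard in `check` is more robust written as `if ( ! Object.hasOwn(this.scopes, scope) ) {`, and the `throw new Error(...)` line is missing its terminating semicolon. The body of `check` continues past the end of the last hunk.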