mirror of
https://github.com/HeyPuter/puter
synced 2024-11-15 06:15:47 +00:00
Add rate limits
parent
57d9c246c0
commit
7f3e2852c6
@ -72,6 +72,11 @@ module.exports = eggspress('/auth/configure-2fa/:action', {
|
||||
};
|
||||
|
||||
actions.enable = async () => {
|
||||
const svc_edgeRateLimit = req.services.get('edge-rate-limit');
|
||||
if ( ! svc_edgeRateLimit.check('enable-2fa') ) {
|
||||
return res.status(429).send('Too many requests.');
|
||||
}
|
||||
|
||||
await db.write(
|
||||
`UPDATE user SET otp_enabled = 1 WHERE uuid = ?`,
|
||||
[user.uuid]
|
||||
|
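Review bot: Only `actions.enable` receives the new limiter check in this hunk. The other entries on the `actions` object are defined outside the visible lines, so it cannot be confirmed from here whether an action that verifies a submitted code is throttled as well; that is worth checking before merge. The same check-and-429 block is repeated verbatim in the `/login/otp` and `/login/recovery-code` handlers, so a small shared helper or middleware taking the scope name would keep the status and message consistent. A 429 sent without a `Retry-After` header also gives well-behaved clients no hint of when to retry.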
@ -149,6 +149,11 @@ router.post('/login/otp', express.json(), body_parser_error_handler, async (req,
|
||||
if(require('../helpers').subdomain(req) !== 'api' && require('../helpers').subdomain(req) !== '')
|
||||
next();
|
||||
|
||||
const svc_edgeRateLimit = req.services.get('edge-rate-limit');
|
||||
if ( ! svc_edgeRateLimit.check('login-otp') ) {
|
||||
return res.status(429).send('Too many requests.');
|
||||
}
|
||||
|
||||
if ( ! req.body.token ) {
|
||||
return res.status(400).send('token is required.');
|
||||
}
|
||||
@ -200,6 +205,11 @@ router.post('/login/recovery-code', express.json(), body_parser_error_handler, a
|
||||
if(require('../helpers').subdomain(req) !== 'api' && require('../helpers').subdomain(req) !== '')
|
||||
next();
|
||||
|
||||
const svc_edgeRateLimit = req.services.get('edge-rate-limit');
|
||||
if ( ! svc_edgeRateLimit.check('login-recovery') ) {
|
||||
return res.status(429).send('Too many requests.');
|
||||
}
|
||||
|
||||
if ( ! req.body.token ) {
|
||||
return res.status(400).send('token is required.');
|
||||
}
|
||||
|
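Review bot: In both `/login/otp` and `/login/recovery-code`, the new limiter check sits directly after a subdomain guard that calls `next()` without returning. A request that the guard hands off therefore still falls through to `svc_edgeRateLimit.check(...)`, consumes quota for the scope, and can have a second response written after `next()` has already run; changing the guard to `return next();` in both handlers avoids that. Separately, how `check` keys its counter is not visible on this page. If it is keyed only by client, a per-account counter for failed OTP and recovery-code attempts would be worth adding, because a per-client limit does not bound the total number of guesses against one account. Both handler bodies continue outside the hunks.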
@ -55,6 +55,19 @@ class EdgeRateLimitService extends BaseService {
|
||||
limit: 10,
|
||||
window: HOUR,
|
||||
},
|
||||
['login-otp']: {
|
||||
limit: 15,
|
||||
window: 30 * MINUTE,
|
||||
},
|
||||
['login-recovery']: {
|
||||
limit: 10,
|
||||
window: HOUR,
|
||||
},
|
||||
['enable-2fa']: {
|
||||
limit: 10,
|
||||
window: HOUR,
|
||||
}
|
||||
|
||||
};
|
||||
this.requests = new Map();
|
||||
}
|
||||
|
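Review bot: The counters for the new `login-otp`, `login-recovery` and `enable-2fa` scopes are held in `this.requests = new Map()`, which is per-process memory. The limits therefore reset on every restart, and if the backend runs as several processes or instances (not visible here) they apply per instance rather than globally. For authentication scopes this deserves at least a comment next to the map, for example `// NOTE: in-memory only; limits are per process and reset on restart`, or a shared store if a global bound is intended. The `enable-2fa` entry also omits the trailing comma that the neighbouring entries use. The enclosing method begins outside the hunk.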