Add rate limits

This commit is contained in:
KernelDeimos 2024-05-06 16:12:54 -04:00
parent 57d9c246c0
commit 7f3e2852c6
3 changed files with 28 additions and 0 deletions


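--- a/PATH_NOT_ON_PAGE_1
+++ b/PATH_NOT_ON_PAGE_1
@@ -72,6 +72,11 @@ module.exports = eggspress('/auth/configure-2fa/:action', {
 };
 actions.enable = async () => {
+const svc_edgeRateLimit = req.services.get('edge-rate-limit');
+if ( ! svc_edgeRateLimit.check('enable-2fa') ) {
+return res.status(429).send('Too many requests.');
+}
 await db.write(
 `UPDATE user SET otp_enabled = 1 WHERE uuid = ?`,
 [user.uuid]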
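Review bot: The 429 on the `return res.status(429).send('Too many requests.');` line carries no `Retry-After` header, so a well-behaved client cannot tell when the `enable-2fa` bucket reopens; the same is true of the two 429 responses added to the login routes in the second file. If the service can expose the remaining window it could be sent as `res.status(429).set('Retry-After', String(retryAfterSeconds)).send('Too many requests.')` (retryAfterSeconds is a constructed name; the service does not currently return it). `check('enable-2fa')` is also called with the bucket name alone, so whether the count is per client or global is not visible here; if it is global, one client can block 2FA enrolment for every user, and a per-user key would be the safer choice — worth confirming against EdgeRateLimitService. `actions.enable` continues past the end of the hunk.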


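--- a/PATH_NOT_ON_PAGE_2
+++ b/PATH_NOT_ON_PAGE_2
@@ -149,6 +149,11 @@ router.post('/login/otp', express.json(), body_parser_error_handler, async (req,
 if(require('../helpers').subdomain(req) !== 'api' && require('../helpers').subdomain(req) !== '')
 next();
+const svc_edgeRateLimit = req.services.get('edge-rate-limit');
+if ( ! svc_edgeRateLimit.check('login-otp') ) {
+return res.status(429).send('Too many requests.');
+}
 if ( ! req.body.token ) {
 return res.status(400).send('token is required.');
 }
@@ -200,6 +205,11 @@ router.post('/login/recovery-code', express.json(), body_parser_error_handler, a
 if(require('../helpers').subdomain(req) !== 'api' && require('../helpers').subdomain(req) !== '')
 next();
+const svc_edgeRateLimit = req.services.get('edge-rate-limit');
+if ( ! svc_edgeRateLimit.check('login-recovery') ) {
+return res.status(429).send('Too many requests.');
+}
 if ( ! req.body.token ) {
 return res.status(400).send('token is required.');
 }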
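Review bot: The new `check('login-otp')` and `check('login-recovery')` calls are keyed by route name only, so the limit cannot distinguish repeated attempts against one pending login from unrelated traffic: if the service counts per client, guessing spread across many clients is not slowed for the targeted account, and if it counts globally a single client can deny second-factor login to everyone. Binding the bucket to the login being completed as well (the handler presumably identifies it further down, outside the hunk) would close that gap — confirm how `check` derives its key, since EdgeRateLimitService is only partly visible. Separately, both checks sit after a bare `next();` that is not returned (pre-existing on the line above), so for a non-api subdomain the request is passed on and the handler may still answer with 429 afterwards; `return next();` on that line would avoid a second response. Both handlers continue outside the hunk.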


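--- a/PATH_NOT_ON_PAGE_3
+++ b/PATH_NOT_ON_PAGE_3
@@ -55,6 +55,19 @@ class EdgeRateLimitService extends BaseService {
 limit: 10,
 window: HOUR,
 },
+['login-otp']: {
+limit: 15,
+window: 30 * MINUTE,
+},
+['login-recovery']: {
+limit: 10,
+window: HOUR,
+},
+['enable-2fa']: {
+limit: 10,
+window: HOUR,
+}
 };
 this.requests = new Map();
 }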
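Review bot: `window: 30 * MINUTE` in the `['login-otp']` entry uses a `MINUTE` constant that does not appear in this hunk, while every neighbouring entry only uses `HOUR`; if `MINUTE` is not defined alongside `HOUR` the service throws a ReferenceError when it is constructed, so this is worth checking before merge. The new last entry `['enable-2fa']: { ... }` also drops the trailing comma the other entries carry (`},` on the line above it), so the next bucket added here produces a noisier diff — `},` instead of `}`. A one-line comment above the table would help readers, e.g. `// bucket name -> { limit, window }; keys must match the names passed to check()`. The class continues outside the hunk.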