Stricter rate limit for login (#4718)
parent
723cb549d4
commit
49bb17b583
2 changed files with 1982 additions and 1591 deletions
File diff suppressed because it is too large
|
@ -262,12 +262,22 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimitCell) {
|
|||
// User
|
||||
.service(
|
||||
// Account action, I don't like that it's in /user maybe /accounts
|
||||
// Handle /user/register separately to add the register() rate limitter
|
||||
// Handle /user/register separately to add the register() rate limiter
|
||||
web::resource("/user/register")
|
||||
.guard(guard::Post())
|
||||
.wrap(rate_limit.register())
|
||||
.route(web::post().to(register)),
|
||||
)
|
||||
// User
|
||||
.service(
|
||||
// Handle /user/login separately to add the register() rate limiter
|
||||
// TODO: pretty annoying way to apply rate limits for register and login, we should
|
||||
// group them under a common path so that rate limit is only applied once (eg under /account).
|
||||
web::resource("/user/login")
|
||||
.guard(guard::Post())
|
||||
.wrap(rate_limit.register())
|
||||
.route(web::post().to(login)),
|
||||
)
|
||||
.service(
|
||||
// Handle captcha separately
|
||||
web::resource("/user/get_captcha")
|
||||
|
@ -306,7 +316,6 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimitCell) {
|
|||
.route("/banned", web::get().to(list_banned_users))
|
||||
.route("/block", web::post().to(block_person))
|
||||
// TODO Account actions. I don't like that they're in /user maybe /accounts
|
||||
.route("/login", web::post().to(login))
|
||||
.route("/logout", web::post().to(logout))
|
||||
.route("/delete_account", web::post().to(delete_account))
|
||||
.route("/password_reset", web::post().to(reset_password))
|
||||
|
|
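Review bot: The new `/user/login` resource in the first hunk is wrapped with `rate_limit.register()`, so login is throttled by the registration limiter rather than by one of its own. If that limiter keeps a single bucket per client (its implementation is not visible here), failed logins and sign-ups would draw on the same quota, and the registration settings now also decide how many login attempts a client gets. The comment above the resource could say so for operators who tune those settings: `// /user/login reuses the register() limiter: login attempts follow the registration rate-limit settings`. A per-client limit also does little against password guessing on one account spread over many client addresses, so a per-account failure counter inside `login` would be a useful follow-up. In the second hunk `/password_reset` stays among the ordinary `/user` routes; since the wrapper on that scope is outside the visible lines, it is worth confirming whether it should get the same stricter limit.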