Allow to control RATES_LIMIT from configuration (#1787)

* Allow to control RATES_LIMIT from configuration * @Chocobozzz review (squash me)
author: Yohan Boniface <yb@enix.org> 2019-04-26 13:48:55 +0200
committer: Chocobozzz <me@florianbigard.com> 2019-04-26 13:48:55 +0200
commit: c342726ad4ccbb90b8ff29f1cc1c89f9f7e8d98f (patch)
tree: 1a6d50694fc1db90bdb6d455d6988eb14eb9fd4b
parent: 4f0f2ab228d73dbec303914dd59b52f6cdaddf46 (diff)
download: PeerTube-c342726ad4ccbb90b8ff29f1cc1c89f9f7e8d98f.tar.gz
PeerTube-c342726ad4ccbb90b8ff29f1cc1c89f9f7e8d98f.tar.zst
PeerTube-c342726ad4ccbb90b8ff29f1cc1c89f9f7e8d98f.zip
6 files changed, 46 insertions, 5 deletions
diff --git a/config/default.yaml b/config/default.yaml
index 70b10299d..f8be23d69 100644
--- a/config/default.yaml
+++ b/config/default.yaml
@@ -9,6 +9,16 @@ webserver:
  hostname: 'localhost'
  port: 9000
+rates_limit:
+  login:
+    # 15 attempts in 5 min
+    window: 5 minutes
+    max: 15
+  ask_send_email:
+    # 3 attempts in 5 min
+    window: 5 minutes
+    max: 3
 # Proxies to trust to get real client IP
 # If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
 # If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)
diff --git a/config/production.yaml.example b/config/production.yaml.example
index 06baaf7d4..f1f0f12d1 100644
--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@@ -8,6 +8,16 @@ webserver:
  hostname: 'example.com'
  port: 443
+rates_limit:
+  login:
+    # 15 attempts in 5 min
+    window: 5 minutes
+    max: 15
+  ask_send_email:
+    # 3 attempts in 5 min
+    window: 5 minutes
+    max: 3
 # Proxies to trust to get real client IP
 # If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
 # If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)
diff --git a/server/initializers/checker-before-init.ts b/server/initializers/checker-before-init.ts
index 223ef8078..622ad7d6b 100644
--- a/server/initializers/checker-before-init.ts
+++ b/server/initializers/checker-before-init.ts
@@ -27,7 +27,8 @@ function checkMissedConfig () {
    'services.twitter.username', 'services.twitter.whitelisted',
    'followers.instance.enabled', 'followers.instance.manual_approval',
    'tracker.enabled', 'tracker.private', 'tracker.reject_too_many_announces',
-    'history.videos.max_age', 'views.videos.remote.max_age'
+    'history.videos.max_age', 'views.videos.remote.max_age',
+    'rates_limit.login.window', 'rates_limit.login.max', 'rates_limit.ask_send_email.window', 'rates_limit.ask_send_email.max'
  ]
  const requiredAlternatives = [
    [ // set
diff --git a/server/initializers/config.ts b/server/initializers/config.ts
index baf502305..4f77e144d 100644
--- a/server/initializers/config.ts
+++ b/server/initializers/config.ts
@@ -63,6 +63,16 @@ const CONFIG = {
    HOSTNAME: config.get<string>('webserver.hostname'),
    PORT: config.get<number>('webserver.port')
  },
+  RATES_LIMIT: {
+    LOGIN: {
+      WINDOW_MS: parseDurationToMs(config.get<string>('rates_limit.login.window')),
+      MAX: config.get<number>('rates_limit.login.max')
+    },
+    ASK_SEND_EMAIL: {
+      WINDOW_MS: parseDurationToMs(config.get<string>('rates_limit.ask_send_email.window')),
+      MAX: config.get<number>('rates_limit.ask_send_email.max')
+    }
+  },
  TRUST_PROXY: config.get<string[]>('trust_proxy'),
  LOG: {
    LEVEL: config.get<string>('log.level')
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 2be364cc8..193bae5b5 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -281,12 +281,12 @@ let CONSTRAINTS_FIELDS = {
 const RATES_LIMIT = {
  LOGIN: {
-    WINDOW_MS: 5 * 60 * 1000, // 5 minutes
+    WINDOW_MS: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS,
-    MAX: 15 // 15 attempts
+    MAX: CONFIG.RATES_LIMIT.LOGIN.MAX
  },
  ASK_SEND_EMAIL: {
-    WINDOW_MS: 5 * 60 * 1000, // 5 minutes
+    WINDOW_MS: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS,
-    MAX: 3 // 3 attempts
+    MAX: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.MAX
  }
 }
diff --git a/support/docker/production/config/production.yaml b/support/docker/production/config/production.yaml
index d585cd73e..ae6bf3982 100644
--- a/support/docker/production/config/production.yaml
+++ b/support/docker/production/config/production.yaml
@@ -8,6 +8,16 @@ webserver:
  hostname: undefined
  port: 443
+rates_limit:
+  login:
+    # 15 attempts in 5 min
+    window: 5 minutes
+    max: 15
+  ask_send_email:
+    # 3 attempts in 5 min
+    window: 5 minutes
+    max: 3
 # Proxies to trust to get real client IP
 # If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
 # If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)
author	Yohan Boniface <yb@enix.org>	2019-04-26 13:48:55 +0200
committer	Chocobozzz <me@florianbigard.com>	2019-04-26 13:48:55 +0200
commit	c342726ad4ccbb90b8ff29f1cc1c89f9f7e8d98f (patch)
tree	1a6d50694fc1db90bdb6d455d6988eb14eb9fd4b
parent	4f0f2ab228d73dbec303914dd59b52f6cdaddf46 (diff)
download	PeerTube-c342726ad4ccbb90b8ff29f1cc1c89f9f7e8d98f.tar.gz PeerTube-c342726ad4ccbb90b8ff29f1cc1c89f9f7e8d98f.tar.zst PeerTube-c342726ad4ccbb90b8ff29f1cc1c89f9f7e8d98f.zip