authorChocobozzz <me@florianbigard.com>2019-07-04 16:42:40 +0200
committerChocobozzz <me@florianbigard.com>2019-07-04 16:42:40 +0200
commitc1340a6ac35f924161e6ec2a1d728e20c89e55c8 (patch)
tree8f0a6b72b36be586422002039720d3a08309cbea /server/controllers/api/users
parentfd0bfc3ac43eb0c0c2ac0b21bc2e0670f546384f (diff)
downloadPeerTube-c1340a6ac35f924161e6ec2a1d728e20c89e55c8.tar.gz
PeerTube-c1340a6ac35f924161e6ec2a1d728e20c89e55c8.tar.zst
PeerTube-c1340a6ac35f924161e6ec2a1d728e20c89e55c8.zip
Add rate limit to registration and API endpoints
Diffstat (limited to 'server/controllers/api/users')
-rw-r--r--server/controllers/api/users/index.ts18
1 files changed, 13 insertions, 5 deletions
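--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -3,7 +3,7 @@ import * as RateLimit from 'express-rate-limit'
 import { UserCreate, UserRight, UserRole, UserUpdate } from '../../../../shared'
 import { logger } from '../../../helpers/logger'
 import { getFormattedObjects } from '../../../helpers/utils'
-import { RATES_LIMIT, WEBSERVER } from '../../../initializers/constants'
+import { WEBSERVER } from '../../../initializers/constants'
 import { Emailer } from '../../../lib/emailer'
 import { Redis } from '../../../lib/redis'
 import { createUserAccountAndChannelAndPlaylist, sendVerifyUserEmail } from '../../../lib/user'
@@ -53,14 +53,21 @@ const auditLogger = auditLoggerFactory('users')
 // FIXME: https://github.com/nfriedly/express-rate-limit/issues/138
 // @ts-ignore
 const loginRateLimiter = RateLimit({
-  windowMs: RATES_LIMIT.LOGIN.WINDOW_MS,
-  max: RATES_LIMIT.LOGIN.MAX
+  windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS,
+  max: CONFIG.RATES_LIMIT.LOGIN.MAX
+})
+
+// @ts-ignore
+const signupRateLimiter = RateLimit({
+  windowMs: CONFIG.RATES_LIMIT.SIGNUP.WINDOW_MS,
+  max: CONFIG.RATES_LIMIT.SIGNUP.MAX,
+  skipFailedRequests: true
 })
 
 // @ts-ignore
 const askSendEmailLimiter = new RateLimit({
-  windowMs: RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS,
-  max: RATES_LIMIT.ASK_SEND_EMAIL.MAX
+  windowMs: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS,
+  max: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.MAX
 })
 
 const usersRouter = express.Router()
@@ -114,6 +121,7 @@ usersRouter.post('/',
 )
 
 usersRouter.post('/register',
+  signupRateLimiter,
   asyncMiddleware(ensureUserRegistrationAllowed),
   ensureUserRegistrationAllowedForIP,
   asyncMiddleware(usersRegisterValidator),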
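Review bot: `skipFailedRequests: true` on the new signupRateLimiter (new lines 61–65) means only registrations that finish with a non-error status count against the window, so repeated requests that usersRegisterValidator rejects (a duplicate username or email, for instance) are never throttled by this limiter, and the only per-IP protection left for those is ensureUserRegistrationAllowedForIP; if that trade-off is deliberate, record it, e.g. `// Only successful signups count: failed validation must not lock out a user correcting a typo`. The limiter's counter is keyed by client IP by default, so behind a reverse proxy it is only meaningful if the Express app has `trust proxy` configured, which this hunk cannot show and is worth confirming. `CONFIG` is now read by all three limiters but the first hunk only drops RATES_LIMIT from the constants import without adding a CONFIG import, so presumably it is already imported above line 3. The `// @ts-ignore` copied onto signupRateLimiter carries no reason, unlike the one on loginRateLimiter; `// @ts-ignore (same express-rate-limit typing issue as loginRateLimiter above)` would keep the justification attached, and the ask-send-email limiter also still uses `new RateLimit(` while the other two call it as a function.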