aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/controllers
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2019-07-04 16:42:40 +0200
committerChocobozzz <me@florianbigard.com>2019-07-04 16:42:40 +0200
commitc1340a6ac35f924161e6ec2a1d728e20c89e55c8 (patch)
tree8f0a6b72b36be586422002039720d3a08309cbea /server/controllers
parentfd0bfc3ac43eb0c0c2ac0b21bc2e0670f546384f (diff)
downloadPeerTube-c1340a6ac35f924161e6ec2a1d728e20c89e55c8.tar.gz
PeerTube-c1340a6ac35f924161e6ec2a1d728e20c89e55c8.tar.zst
PeerTube-c1340a6ac35f924161e6ec2a1d728e20c89e55c8.zip
Add rate limit to registration and API endpoints
Diffstat (limited to 'server/controllers')
-rw-r--r--server/controllers/api/index.ts10
-rw-r--r--server/controllers/api/users/index.ts18
2 files changed, 23 insertions, 5 deletions
diff --git a/server/controllers/api/index.ts b/server/controllers/api/index.ts
index 60a84036e..ea2615e28 100644
--- a/server/controllers/api/index.ts
+++ b/server/controllers/api/index.ts
@@ -1,4 +1,5 @@
1import * as express from 'express' 1import * as express from 'express'
2import * as RateLimit from 'express-rate-limit'
2import { configRouter } from './config' 3import { configRouter } from './config'
3import { jobsRouter } from './jobs' 4import { jobsRouter } from './jobs'
4import { oauthClientsRouter } from './oauth-clients' 5import { oauthClientsRouter } from './oauth-clients'
@@ -12,6 +13,7 @@ import * as cors from 'cors'
12import { searchRouter } from './search' 13import { searchRouter } from './search'
13import { overviewsRouter } from './overviews' 14import { overviewsRouter } from './overviews'
14import { videoPlaylistRouter } from './video-playlist' 15import { videoPlaylistRouter } from './video-playlist'
16import { CONFIG } from '../../initializers/config'
15 17
16const apiRouter = express.Router() 18const apiRouter = express.Router()
17 19
@@ -21,6 +23,14 @@ apiRouter.use(cors({
21 credentials: true 23 credentials: true
22})) 24}))
23 25
26// FIXME: https://github.com/nfriedly/express-rate-limit/issues/138
27// @ts-ignore
28const apiRateLimiter = RateLimit({
29 windowMs: CONFIG.RATES_LIMIT.API.WINDOW_MS,
30 max: CONFIG.RATES_LIMIT.API.MAX
31})
32apiRouter.use(apiRateLimiter)
33
24apiRouter.use('/server', serverRouter) 34apiRouter.use('/server', serverRouter)
25apiRouter.use('/oauth-clients', oauthClientsRouter) 35apiRouter.use('/oauth-clients', oauthClientsRouter)
26apiRouter.use('/config', configRouter) 36apiRouter.use('/config', configRouter)
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index c1d72087c..63747a0a9 100644
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -3,7 +3,7 @@ import * as RateLimit from 'express-rate-limit'
3import { UserCreate, UserRight, UserRole, UserUpdate } from '../../../../shared' 3import { UserCreate, UserRight, UserRole, UserUpdate } from '../../../../shared'
4import { logger } from '../../../helpers/logger' 4import { logger } from '../../../helpers/logger'
5import { getFormattedObjects } from '../../../helpers/utils' 5import { getFormattedObjects } from '../../../helpers/utils'
6import { RATES_LIMIT, WEBSERVER } from '../../../initializers/constants' 6import { WEBSERVER } from '../../../initializers/constants'
7import { Emailer } from '../../../lib/emailer' 7import { Emailer } from '../../../lib/emailer'
8import { Redis } from '../../../lib/redis' 8import { Redis } from '../../../lib/redis'
9import { createUserAccountAndChannelAndPlaylist, sendVerifyUserEmail } from '../../../lib/user' 9import { createUserAccountAndChannelAndPlaylist, sendVerifyUserEmail } from '../../../lib/user'
@@ -53,14 +53,21 @@ const auditLogger = auditLoggerFactory('users')
53// FIXME: https://github.com/nfriedly/express-rate-limit/issues/138 53// FIXME: https://github.com/nfriedly/express-rate-limit/issues/138
54// @ts-ignore 54// @ts-ignore
55const loginRateLimiter = RateLimit({ 55const loginRateLimiter = RateLimit({
56 windowMs: RATES_LIMIT.LOGIN.WINDOW_MS, 56 windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS,
57 max: RATES_LIMIT.LOGIN.MAX 57 max: CONFIG.RATES_LIMIT.LOGIN.MAX
58})
59
60// @ts-ignore
61const signupRateLimiter = RateLimit({
62 windowMs: CONFIG.RATES_LIMIT.SIGNUP.WINDOW_MS,
63 max: CONFIG.RATES_LIMIT.SIGNUP.MAX,
64 skipFailedRequests: true
58}) 65})
59 66
60// @ts-ignore 67// @ts-ignore
61const askSendEmailLimiter = new RateLimit({ 68const askSendEmailLimiter = new RateLimit({
62 windowMs: RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS, 69 windowMs: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS,
63 max: RATES_LIMIT.ASK_SEND_EMAIL.MAX 70 max: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.MAX
64}) 71})
65 72
66const usersRouter = express.Router() 73const usersRouter = express.Router()
@@ -114,6 +121,7 @@ usersRouter.post('/',
114) 121)
115 122
116usersRouter.post('/register', 123usersRouter.post('/register',
124 signupRateLimiter,
117 asyncMiddleware(ensureUserRegistrationAllowed), 125 asyncMiddleware(ensureUserRegistrationAllowed),
118 ensureUserRegistrationAllowedForIP, 126 ensureUserRegistrationAllowedForIP,
119 asyncMiddleware(usersRegisterValidator), 127 asyncMiddleware(usersRegisterValidator),