aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
Diffstat
-rw-r--r--server/controllers/api/users/index.ts8
-rw-r--r--server/initializers/constants.ts4
2 files changed, 11 insertions, 1 deletions
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index 008c34ca4..01ee73a53 100644
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -42,6 +42,12 @@ const loginRateLimiter = new RateLimit({
42 delayMs: 0 42 delayMs: 0
43}) 43})
44 44
45const askSendEmailLimiter = new RateLimit({
46 windowMs: RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS,
47 max: RATES_LIMIT.ASK_SEND_EMAIL.MAX,
48 delayMs: 0
49})
50
45const usersRouter = express.Router() 51const usersRouter = express.Router()
46usersRouter.use('/', meRouter) 52usersRouter.use('/', meRouter)
47 53
@@ -114,7 +120,7 @@ usersRouter.post('/:id/reset-password',
114) 120)
115 121
116usersRouter.post('/ask-send-verify-email', 122usersRouter.post('/ask-send-verify-email',
117 loginRateLimiter, 123 askSendEmailLimiter,
118 asyncMiddleware(usersAskSendVerifyEmailValidator), 124 asyncMiddleware(usersAskSendVerifyEmailValidator),
119 asyncMiddleware(askSendVerifyUserEmail) 125 asyncMiddleware(askSendVerifyUserEmail)
120) 126)
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 16d8dca68..536d99713 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -364,6 +364,10 @@ const RATES_LIMIT = {
364 LOGIN: { 364 LOGIN: {
365 WINDOW_MS: 5 * 60 * 1000, // 5 minutes 365 WINDOW_MS: 5 * 60 * 1000, // 5 minutes
366 MAX: 15 // 15 attempts 366 MAX: 15 // 15 attempts
367 },
368 ASK_SEND_EMAIL: {
369 WINDOW_MS: 5 * 60 * 1000, // 5 minutes
370 MAX: 3 // 3 attempts
367 } 371 }
368} 372}
369 373
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-01 21:55:00 +0000