From c1340a6ac35f924161e6ec2a1d728e20c89e55c8 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Thu, 4 Jul 2019 16:42:40 +0200
Subject: Add rate limit to registration and API endpoints
---
config/default.yaml | 8 ++++++++
config/production.yaml.example | 8 ++++++++
config/test.yaml | 8 ++++++++
3 files changed, 24 insertions(+)
(limited to 'config')
diff --git a/config/default.yaml b/config/default.yaml
index a213d5b0a..be5c8993c 100644
--- a/config/default.yaml
+++ b/config/default.yaml
@@ -10,10 +10,18 @@ webserver:
 port: 9000
 rates_limit:
+ api:
+ # 50 attempts in 10 seconds
+ window: 10 seconds
+ max: 50
 login:
 # 15 attempts in 5 min
 window: 5 minutes
 max: 15
+ signup:
+ # 2 attempts in 5 min (only succeeded attempts are taken into account)
+ window: 5 minutes
+ max: 2
 ask_send_email:
 # 3 attempts in 5 min
 window: 5 minutes
diff --git a/config/production.yaml.example b/config/production.yaml.example
index cdf6136d8..f55f5c096 100644
--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@@ -9,10 +9,18 @@ webserver:
 port: 443
 rates_limit:
+ api:
+ # 50 attempts in 10 seconds
+ window: 10 seconds
+ max: 50
 login:
 # 15 attempts in 5 min
 window: 5 minutes
 max: 15
+ signup:
+ # 2 attempts in 5 min (only succeeded attempts are taken into account)
+ window: 5 minutes
+ max: 2
 ask_send_email:
 # 3 attempts in 5 min
 window: 5 minutes
diff --git a/config/test.yaml b/config/test.yaml
index 8d3921614..0a5df75be 100644
--- a/config/test.yaml
+++ b/config/test.yaml
@@ -5,6 +5,14 @@ listen:
 webserver:
 https: false
+rates_limit:
+ signup:
+ window: 10 minutes
+ max: 50
+ login:
+ window: 5 minutes
+ max: 20
+
 database:
 hostname: 'localhost'
 port: 5432
--
cgit v1.2.3
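Review bot: The new `signup` entry in config/default.yaml counts only successful registrations, per its own comment, so rejected signup requests are bounded only by the general `api` limit of 50 per 10 seconds. That interaction is worth stating next to the setting, for example `# failed signups are not counted here; they fall under rates_limit.api`, so an operator who raises `api.max` knows it also loosens the bound on failed registrations. The comments also do not say what the counters are keyed on. If it is the client address (not visible in this patch), a note that the limits are only meaningful when the reverse proxy forwards the real client IP would help. The same block and the same remarks apply to the config/production.yaml.example hunk.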
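Review bot: The `rates_limit` block added to config/test.yaml overrides `signup` and `login` but not `api` or `ask_send_email`. Assuming the test config is merged over config/default.yaml, the test suite would then run under the 50-requests-per-10-seconds API limit and request-heavy specs could be throttled. Consider an explicit `api:` entry with a deliberately high `max` here. Unlike the other two files, these values carry no explanation, so a comment above the block would also help, for example `# limits raised so the test suite is not throttled; not representative of production`.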