From 490b595a01c5824ff63ffb87f0efdfca95f4bf3b Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Thu, 29 Mar 2018 10:58:24 +0200
Subject: Prevent brute force login attack
---
 server/initializers/constants.ts | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'server/initializers/constants.ts')
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 284acf8f3..986fed099 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -127,6 +127,7 @@ const CONFIG = {
 URL: '',
 HOST: ''
 },
+ TRUST_PROXY: config.get('trust_proxy'),
 LOG: {
 LEVEL: config.get('log.level')
 },
@@ -234,6 +235,13 @@ const CONSTRAINTS_FIELDS = {
 }
 }
 
+const RATES_LIMIT = {
+ LOGIN: {
+ WINDOW_MS: 5 * 60 * 1000, // 5 minutes
+ MAX: 10 // 10 attempts
+ }
+}
+
 let VIDEO_VIEW_LIFETIME = 60000 * 60 // 1 hour
 const VIDEO_TRANSCODING_FPS = {
 MIN: 10,
@@ -468,6 +476,7 @@ export {
 USER_PASSWORD_RESET_LIFETIME,
 IMAGE_MIMETYPE_EXT,
 SCHEDULER_INTERVAL,
+ RATES_LIMIT,
 JOB_COMPLETED_LIFETIME,
 VIDEO_VIEW_LIFETIME
 }
--
cgit v1.2.3
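Review bot: `TRUST_PROXY` in the `CONFIG` hunk is taken straight from `config.get('trust_proxy')` with no comment on which values are safe, although the login limit added in this commit presumably keys on the client address that this setting determines. If the value trusts more hops than the deployment really has, a client-supplied `X-Forwarded-For` can stand in for the real address and the limit stops binding; if nothing is trusted behind a reverse proxy, every user shares the proxy's address and ten attempts lock everyone out. I would add a line such as `// Reverse proxies whose X-Forwarded-For is trusted; the login rate limit relies on this being exact`. It is also worth confirming that the default config ships the key, since `config.get` throws on an undefined one. The code that consumes this value is outside this file-limited diff.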
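Review bot: `RATES_LIMIT.LOGIN` states a window and a cap but not what the cap is counted against, and the two inline comments only restate the numbers. If the limiter keys on client IP (the middleware is not in this file), ten attempts per five minutes bounds a single address but not guesses against one account spread over many addresses, so a per-account counter or lockout may still be needed. I would put one line above the block, e.g. `// Max login requests per client address within WINDOW_MS (confirm the key used by the limiter)`. As a naming point, `RATE_LIMITS` reads more naturally than `RATES_LIMIT`, though renaming also touches the export hunk.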