yetangitu/Peertube
1
0
Fork 0
mirror of https://github.com/Chocobozzz/PeerTube.git synced 2025-10-04 02:09:37 +02:00
Code Issues Releases Wiki Activity

Add rate limit to registration and API endpoints

Browse source
This commit is contained in:
Chocobozzz 2019-07-04 16:42:40 +02:00
parent fd0bfc3ac4
commit c1340a6ac3
No known key found for this signature in database
GPG key ID: 583A612D890159BE
9 changed files with 112 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

10
server/controllers/api/index.ts
View file

@ -1,4 +1,5 @@
import * as express from 'express'
import * as RateLimit from 'express-rate-limit'
import { configRouter } from './config'
import { jobsRouter } from './jobs'
import { oauthClientsRouter } from './oauth-clients'
@ -12,6 +13,7 @@ import * as cors from 'cors'
import { searchRouter } from './search'
import { overviewsRouter } from './overviews'
import { videoPlaylistRouter } from './video-playlist'
import { CONFIG } from '../../initializers/config'
const apiRouter = express.Router()
@ -21,6 +23,14 @@ apiRouter.use(cors({
credentials: true
}))
// FIXME: https://github.com/nfriedly/express-rate-limit/issues/138
// @ts-ignore
const apiRateLimiter = RateLimit({
windowMs: CONFIG.RATES_LIMIT.API.WINDOW_MS,
max: CONFIG.RATES_LIMIT.API.MAX
})
apiRouter.use(apiRateLimiter)
apiRouter.use('/server', serverRouter)
apiRouter.use('/oauth-clients', oauthClientsRouter)
apiRouter.use('/config', configRouter)

18
server/controllers/api/users/index.ts
View file

@ -3,7 +3,7 @@ import * as RateLimit from 'express-rate-limit'
import { UserCreate, UserRight, UserRole, UserUpdate } from '../../../../shared'
import { logger } from '../../../helpers/logger'
import { getFormattedObjects } from '../../../helpers/utils'
import { RATES_LIMIT, WEBSERVER } from '../../../initializers/constants'
import { WEBSERVER } from '../../../initializers/constants'
import { Emailer } from '../../../lib/emailer'
import { Redis } from '../../../lib/redis'
import { createUserAccountAndChannelAndPlaylist, sendVerifyUserEmail } from '../../../lib/user'
@ -53,14 +53,21 @@ const auditLogger = auditLoggerFactory('users')
// FIXME: https://github.com/nfriedly/express-rate-limit/issues/138
// @ts-ignore
const loginRateLimiter = RateLimit({
windowMs: RATES_LIMIT.LOGIN.WINDOW_MS,
max: RATES_LIMIT.LOGIN.MAX
windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS,
max: CONFIG.RATES_LIMIT.LOGIN.MAX
})
// @ts-ignore
const signupRateLimiter = RateLimit({
windowMs: CONFIG.RATES_LIMIT.SIGNUP.WINDOW_MS,
max: CONFIG.RATES_LIMIT.SIGNUP.MAX,
skipFailedRequests: true
})
// @ts-ignore
const askSendEmailLimiter = new RateLimit({
windowMs: RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS,
max: RATES_LIMIT.ASK_SEND_EMAIL.MAX
windowMs: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS,
max: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.MAX
})
const usersRouter = express.Router()
@ -114,6 +121,7 @@ usersRouter.post('/',
)
usersRouter.post('/register',
signupRateLimiter,
asyncMiddleware(ensureUserRegistrationAllowed),
ensureUserRegistrationAllowedForIP,
asyncMiddleware(usersRegisterValidator),