summaryrefslogtreecommitdiff
path: root/packages/backend/src/server/api/SigninApiService.ts
diff options
context:
space:
mode:
authorかっこかり <67428053+kakkokari-gtyih@users.noreply.github.com>2025-12-20 19:07:05 +0900
committerGitHub <noreply@github.com>2025-12-20 19:07:05 +0900
commitee8dccea2ffb151636e520f71b7dfe2b91e06c71 (patch)
tree920d627b4d1f246684c799cc5312fbd99cc689b6 /packages/backend/src/server/api/SigninApiService.ts
parentfix(frontend): iPadOSのPWAでアプリを切り替えた際にウィジェ... (diff)
downloadmisskey-ee8dccea2ffb151636e520f71b7dfe2b91e06c71.tar.gz
misskey-ee8dccea2ffb151636e520f71b7dfe2b91e06c71.tar.bz2
misskey-ee8dccea2ffb151636e520f71b7dfe2b91e06c71.zip
fix(backend): fix #16994 by approach 6 (#17005)
* fix(backend): narrow down trustproxy default value and enhance documentation on how to configure it * Update Changelog * indent [ci skip] * Update CHANGELOG.md [ci skip] * add cloudflare specific example * Update .config/example.yml Co-authored-by: anatawa12 <anatawa12@icloud.com> * fix: productionでIPレートリミットされる際にlocalhostからリクエストが来たらログを残すように * fix: wrong condition * fix: use own logger for signin api * flip configuration * fix * fix [ci skip] * fix: wrong message [ci skip] * fix: どこがおかしいか明記 [ci skip] --------- Co-authored-by: anatawa12 <anatawa12@icloud.com>
Diffstat (limited to 'packages/backend/src/server/api/SigninApiService.ts')
-rw-r--r--packages/backend/src/server/api/SigninApiService.ts13
1 files changed, 10 insertions, 3 deletions
diff --git a/packages/backend/src/server/api/SigninApiService.ts b/packages/backend/src/server/api/SigninApiService.ts
index 14726f8411..00e8828242 100644
--- a/packages/backend/src/server/api/SigninApiService.ts
+++ b/packages/backend/src/server/api/SigninApiService.ts
@@ -15,6 +15,7 @@ import type {
UserSecurityKeysRepository,
UsersRepository,
} from '@/models/_.js';
+import type Logger from '@/logger.js';
import type { Config } from '@/config.js';
import { getIpHash } from '@/misc/get-ip-hash.js';
import type { MiLocalUser } from '@/models/User.js';
@@ -23,6 +24,7 @@ import { bindThis } from '@/decorators.js';
import { WebAuthnService } from '@/core/WebAuthnService.js';
import { UserAuthService } from '@/core/UserAuthService.js';
import { CaptchaService } from '@/core/CaptchaService.js';
+import { LoggerService } from '@/core/LoggerService.js';
import { FastifyReplyError } from '@/misc/fastify-reply-error.js';
import { RateLimiterService } from './RateLimiterService.js';
import { SigninService } from './SigninService.js';
@@ -31,6 +33,8 @@ import type { FastifyReply, FastifyRequest } from 'fastify';
@Injectable()
export class SigninApiService {
+ private logger: Logger;
+
constructor(
@Inject(DI.config)
private config: Config,
@@ -50,6 +54,7 @@ export class SigninApiService {
@Inject(DI.signinsRepository)
private signinsRepository: SigninsRepository,
+ private loggerService: LoggerService,
private idService: IdService,
private rateLimiterService: RateLimiterService,
private signinService: SigninService,
@@ -57,6 +62,7 @@ export class SigninApiService {
private webAuthnService: WebAuthnService,
private captchaService: CaptchaService,
) {
+ this.logger = this.loggerService.getLogger('Signin');
}
@bindThis
@@ -89,10 +95,11 @@ export class SigninApiService {
return { error };
}
- if (request.ip === '::1' || request.ip === '127.0.0.1') {
- console.warn('request ip is localhost, maybe caused by misconfiguration of trustProxy or reverse proxy');
- } else {
// not more than 1 attempt per second and not more than 10 attempts per hour
+ if (this.config.enableIpRateLimit) {
+ if (process.env.NODE_ENV === 'production' && (request.ip === '::1' || request.ip === '127.0.0.1')) {
+ this.logger.warn('Recieved signin request from localhost IP address for rate limiting in production environment. This is likely due to an improper trustProxy setting in the config file.');
+ }
const rateLimit = await this.rateLimiterService.limit({ key: 'signin', duration: 60 * 60 * 1000, max: 10, minInterval: 1000 }, getIpHash(request.ip));
if (rateLimit != null) {
reply.code(429);
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-07 23:36:39 +0000