diff options
| author | Hazelnoot <acomputerdog@gmail.com> | 2025-02-02 17:23:36 -0500 |
|---|---|---|
| committer | Hazelnoot <acomputerdog@gmail.com> | 2025-02-05 11:20:25 -0500 |
| commit | 402933004a8094038e2fc9949626a7c2aa9ff9b1 (patch) | |
| tree | 6d6a9bab8b9886189cd0a4863265760b6132a67d | |
| parent | merge: Improve language detection. (!871) (diff) | |
| download | sharkey-402933004a8094038e2fc9949626a7c2aa9ff9b1.tar.gz sharkey-402933004a8094038e2fc9949626a7c2aa9ff9b1.tar.bz2 sharkey-402933004a8094038e2fc9949626a7c2aa9ff9b1.zip | |
increase sign-in rate limit
| -rw-r--r-- | packages/backend/src/server/api/SigninApiService.ts | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/packages/backend/src/server/api/SigninApiService.ts b/packages/backend/src/server/api/SigninApiService.ts index fa9155d82d..25ea03a356 100644 --- a/packages/backend/src/server/api/SigninApiService.ts +++ b/packages/backend/src/server/api/SigninApiService.ts @@ -27,11 +27,18 @@ import { CaptchaService } from '@/core/CaptchaService.js'; import { FastifyReplyError } from '@/misc/fastify-reply-error.js'; import { isSystemAccount } from '@/misc/is-system-account.js'; import { SkRateLimiterService } from '@/server/api/SkRateLimiterService.js'; -import { sendRateLimitHeaders } from '@/misc/rate-limit-utils.js'; +import { Keyed, RateLimit, sendRateLimitHeaders } from '@/misc/rate-limit-utils.js'; import { SigninService } from './SigninService.js'; import type { AuthenticationResponseJSON } from '@simplewebauthn/types'; import type { FastifyReply, FastifyRequest } from 'fastify'; +// Up to 10 attempts, then 1 per minute +const signinRateLimit: Keyed<RateLimit> = { + key: 'signin', + max: 10, + dripRate: 1000 * 60, +}; + @Injectable() export class SigninApiService { constructor( @@ -94,7 +101,7 @@ export class SigninApiService { } // not more than 1 attempt per second and not more than 10 attempts per hour - const rateLimit = await this.rateLimiterService.limit({ key: 'signin', duration: 60 * 60 * 1000, max: 10, minInterval: 1000 }, getIpHash(request.ip)); + const rateLimit = await this.rateLimiterService.limit(signinRateLimit, getIpHash(request.ip)); sendRateLimitHeaders(reply, rateLimit); |