diff options
| author | dakkar <dakkar@thenautilus.net> | 2024-12-08 20:49:07 +0000 |
|---|---|---|
| committer | dakkar <dakkar@thenautilus.net> | 2024-12-08 20:49:07 +0000 |
| commit | 92ffd2a5fc7dc063d85f1a052e0ffff31b74fea9 (patch) | |
| tree | 79f0848608b35117cca373f2dcc26f6aba5dc894 /packages/backend/src/server/api/SigninApiService.ts | |
| parent | merge: Data driven about page sections (and add me as a contributor!) (!800) (diff) | |
| parent | fix type errors from new rate limit definitions (diff) | |
| download | sharkey-92ffd2a5fc7dc063d85f1a052e0ffff31b74fea9.tar.gz sharkey-92ffd2a5fc7dc063d85f1a052e0ffff31b74fea9.tar.bz2 sharkey-92ffd2a5fc7dc063d85f1a052e0ffff31b74fea9.zip | |
merge: Implement new SkRateLimiterServer with Leaky Bucket rate limits (resolves #592) (!799)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/799
Closes #592
Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
Diffstat (limited to 'packages/backend/src/server/api/SigninApiService.ts')
| -rw-r--r-- | packages/backend/src/server/api/SigninApiService.ts | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/packages/backend/src/server/api/SigninApiService.ts b/packages/backend/src/server/api/SigninApiService.ts index 64af7da7a6..1a4ce0a54c 100644 --- a/packages/backend/src/server/api/SigninApiService.ts +++ b/packages/backend/src/server/api/SigninApiService.ts @@ -21,12 +21,13 @@ import { IdService } from '@/core/IdService.js'; import { bindThis } from '@/decorators.js'; import { WebAuthnService } from '@/core/WebAuthnService.js'; import { UserAuthService } from '@/core/UserAuthService.js'; -import { RateLimiterService } from './RateLimiterService.js'; +import { isSystemAccount } from '@/misc/is-system-account.js'; +import type { MiMeta } from '@/models/_.js'; +import { SkRateLimiterService } from '@/server/api/SkRateLimiterService.js'; +import { sendRateLimitHeaders } from '@/misc/rate-limit-utils.js'; import { SigninService } from './SigninService.js'; import type { AuthenticationResponseJSON } from '@simplewebauthn/types'; import type { FastifyReply, FastifyRequest } from 'fastify'; -import { isSystemAccount } from '@/misc/is-system-account.js'; -import type { MiMeta } from '@/models/_.js'; @Injectable() export class SigninApiService { @@ -47,7 +48,7 @@ export class SigninApiService { private signinsRepository: SigninsRepository, private idService: IdService, - private rateLimiterService: RateLimiterService, + private rateLimiterService: SkRateLimiterService, private signinService: SigninService, private userAuthService: UserAuthService, private webAuthnService: WebAuthnService, @@ -79,10 +80,12 @@ export class SigninApiService { return { error }; } - try { // not more than 1 attempt per second and not more than 10 attempts per hour - await this.rateLimiterService.limit({ key: 'signin', duration: 60 * 60 * 1000, max: 10, minInterval: 1000 }, getIpHash(request.ip)); - } catch (err) { + const rateLimit = await this.rateLimiterService.limit({ key: 'signin', duration: 60 * 60 * 1000, max: 10, minInterval: 1000 }, getIpHash(request.ip)); + + sendRateLimitHeaders(reply, rateLimit); + + if (rateLimit.blocked) { reply.code(429); return { error: { |