Mizah/Sharkey
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix IP address rate limit (#8758)

Browse source 
* Fix IP address rate limit

* CHANGELOG

* Tune getIpHash
This commit is contained in:
MeiMei 2022-05-31 17:44:22 +09:00 committed by GitHub
parent a98194bf1b
commit c05723ca6a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 15 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

3
packages/backend/src/server/api/private/signin.ts
View file

@ -10,6 +10,7 @@ import { verifyLogin, hash } from '../2fa.js';
import { randomBytes } from 'node:crypto';
import { IsNull } from 'typeorm';
import { limiter } from '../limiter.js';
import { getIpHash } from '@/misc/get-ip-hash.js';
export default async (ctx: Koa.Context) => {
ctx.set('Access-Control-Allow-Origin', config.url);
@ -27,7 +28,7 @@ export default async (ctx: Koa.Context) => {
try {
// not more than 1 attempt per second and not more than 10 attempts per hour
await limiter({ key: 'signin', duration: 60 * 60 * 1000, max: 10, minInterval: 1000 }, ctx.ip);
await limiter({ key: 'signin', duration: 60 * 60 * 1000, max: 10, minInterval: 1000 }, getIpHash(ctx.ip));
} catch (err) {
ctx.status = 429;
ctx.body = {