sa6anw/hedgedoc-hedgeagent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: rate-limiting

Browse Source 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
Erik Michelson
2024-12-11 17:39:45 +01:00
committed by Philip Molares
parent e8f4cbabec
commit 876ebad1f3
10 changed files with 70 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/web/auth/email/index.js
View File

@@ -9,6 +9,7 @@ const models = require('../../../models')
const logger = require('../../../logger')
const { urlencodedParser } = require('../../utils')
const errors = require('../../../errors')
const rateLimit = require('../../middleware/rateLimit')
const emailAuth = module.exports = Router()
@@ -37,7 +38,7 @@ passport.use(new LocalStrategy({
}))
if (config.allowEmailRegister) {
emailAuth.post('/register', urlencodedParser, function (req, res, next) {
emailAuth.post('/register', rateLimit.userEndpoints, urlencodedParser, function (req, res, next) {
if (!req.body.email || !req.body.password) return errors.errorBadRequest(res)
if (!validator.isEmail(req.body.email)) return errors.errorBadRequest(res)
models.User.findOrCreate({
@@ -67,7 +68,7 @@ if (config.allowEmailRegister) {
})
}
emailAuth.post('/login', urlencodedParser, function (req, res, next) {
emailAuth.post('/login', rateLimit.userEndpoints, urlencodedParser, function (req, res, next) {
if (!req.body.email || !req.body.password) return errors.errorBadRequest(res)
if (!validator.isEmail(req.body.email)) return errors.errorBadRequest(res)
passport.authenticate('local', {