[#1260] Rate-limiting for create authentication and related requests.
This commit is contained in:
parent
a58f29b826
commit
e7afb67c5c
@ -585,7 +585,7 @@ config :pleroma, :env, Mix.env()
|
|||||||
config :http_signatures,
|
config :http_signatures,
|
||||||
adapter: Pleroma.Signature
|
adapter: Pleroma.Signature
|
||||||
|
|
||||||
config :pleroma, :rate_limit, nil
|
config :pleroma, :rate_limit, authentication: {60_000, 15}
|
||||||
|
|
||||||
config :pleroma, Pleroma.ActivityExpiration, enabled: true
|
config :pleroma, Pleroma.ActivityExpiration, enabled: true
|
||||||
|
|
||||||
|
@ -2424,7 +2424,8 @@ config :pleroma, :config_description, [
|
|||||||
group: :pleroma,
|
group: :pleroma,
|
||||||
key: :rate_limit,
|
key: :rate_limit,
|
||||||
type: :group,
|
type: :group,
|
||||||
description: "Rate limit settings. This is an advanced feature and disabled by default.",
|
description:
|
||||||
|
"Rate limit settings. This is an advanced feature enabled only for :authentication by default.",
|
||||||
children: [
|
children: [
|
||||||
%{
|
%{
|
||||||
key: :search,
|
key: :search,
|
||||||
@ -2463,6 +2464,12 @@ config :pleroma, :config_description, [
|
|||||||
description:
|
description:
|
||||||
"for fav / unfav or reblog / unreblog actions on the same status by the same user",
|
"for fav / unfav or reblog / unreblog actions on the same status by the same user",
|
||||||
suggestions: [{1000, 10}, [{10_000, 10}, {10_000, 50}]]
|
suggestions: [{1000, 10}, [{10_000, 10}, {10_000, 50}]]
|
||||||
|
},
|
||||||
|
%{
|
||||||
|
key: :authentication,
|
||||||
|
type: [:tuple, {:list, :tuple}],
|
||||||
|
description: "for authentication create / password check / user existence check requests",
|
||||||
|
suggestions: [{60_000, 15}]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
@ -4,10 +4,15 @@
|
|||||||
|
|
||||||
defmodule Pleroma.Web.MongooseIM.MongooseIMController do
|
defmodule Pleroma.Web.MongooseIM.MongooseIMController do
|
||||||
use Pleroma.Web, :controller
|
use Pleroma.Web, :controller
|
||||||
|
|
||||||
alias Comeonin.Pbkdf2
|
alias Comeonin.Pbkdf2
|
||||||
|
alias Pleroma.Plugs.RateLimiter
|
||||||
alias Pleroma.Repo
|
alias Pleroma.Repo
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
|
|
||||||
|
plug(RateLimiter, :authentication when action in [:user_exists, :check_password])
|
||||||
|
plug(RateLimiter, {:authentication, params: ["user"]} when action == :check_password)
|
||||||
|
|
||||||
def user_exists(conn, %{"user" => username}) do
|
def user_exists(conn, %{"user" => username}) do
|
||||||
with %User{} <- Repo.get_by(User, nickname: username, local: true) do
|
with %User{} <- Repo.get_by(User, nickname: username, local: true) do
|
||||||
conn
|
conn
|
||||||
|
@ -24,6 +24,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
|
|||||||
|
|
||||||
plug(:fetch_session)
|
plug(:fetch_session)
|
||||||
plug(:fetch_flash)
|
plug(:fetch_flash)
|
||||||
|
plug(Pleroma.Plugs.RateLimiter, :authentication when action == :create_authorization)
|
||||||
|
|
||||||
action_fallback(Pleroma.Web.OAuth.FallbackController)
|
action_fallback(Pleroma.Web.OAuth.FallbackController)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user