From: Chocobozzz
Date: Fri, 31 Aug 2018 09:44:07 +0000 (+0200)
Subject: Use custom rate limiter when asking verif email
X-Git-Tag: v1.0.0-beta.12~68
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=288fe38590788fb737eb4280309846c76c51e7c3;p=oweals%2Fpeertube.git
Use custom rate limiter when asking verif email
---
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index 008c34ca4..01ee73a53 100644
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -42,6 +42,12 @@ const loginRateLimiter = new RateLimit({
 delayMs: 0
 })
+const askSendEmailLimiter = new RateLimit({
+ windowMs: RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS,
+ max: RATES_LIMIT.ASK_SEND_EMAIL.MAX,
+ delayMs: 0
+})
+
 const usersRouter = express.Router()
 usersRouter.use('/', meRouter)
@@ -114,7 +120,7 @@ usersRouter.post('/:id/reset-password',
 )
 usersRouter.post('/ask-send-verify-email',
- loginRateLimiter,
+ askSendEmailLimiter,
 asyncMiddleware(usersAskSendVerifyEmailValidator),
 asyncMiddleware(askSendVerifyUserEmail)
 )
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 16d8dca68..536d99713 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -364,6 +364,10 @@ const RATES_LIMIT = {
 LOGIN: {
 WINDOW_MS: 5 * 60 * 1000, // 5 minutes
 MAX: 15 // 15 attempts
+ },
+ ASK_SEND_EMAIL: {
+ WINDOW_MS: 5 * 60 * 1000, // 5 minutes
+ MAX: 3 // 3 attempts
 }
 }
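Review bot: `askSendEmailLimiter` is created with no key or store option, so if `RateLimit` is express-rate-limit (the import is outside the hunk) it counts requests per `req.ip` in process memory. Behind a reverse proxy that is a per-client limit only when Express's `trust proxy` setting matches the deployment. With it unset, every caller shares one bucket of 3; with it set too broadly, the client-supplied `X-Forwarded-For` value decides the bucket. The counters also reset on restart and are not shared between instances. I would record this above the constant, e.g. `// Keyed on req.ip, in-memory: only per-client if 'trust proxy' is configured for the deployment`.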
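Review bot: The limiter now on `/ask-send-verify-email` throttles the requesting client, not the mailbox that receives the mail, so one address can still get many verification emails when requests come from several clients. A per-recipient cooldown inside `askSendVerifyUserEmail` (its body is outside this hunk) would cover that, for example skipping the send while a recently issued verification link for that user is still fresh. Keeping the limiter ahead of `usersAskSendVerifyEmailValidator` is worth preserving: requests the validator rejects still count, which matters if its responses differ for known and unknown addresses. Given the generic name, any other route that triggers an outbound email (none is visible here) could presumably reuse the same limiter.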