From 288fe38590788fb737eb4280309846c76c51e7c3 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Fri, 31 Aug 2018 11:44:07 +0200
Subject: [PATCH] Use custom rate limiter when asking verif email
---
 server/controllers/api/users/index.ts | 8 +++++++-
 server/initializers/constants.ts | 4 ++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index 008c34ca4..01ee73a53 100644
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -42,6 +42,12 @@ const loginRateLimiter = new RateLimit({
 delayMs: 0
 })
+const askSendEmailLimiter = new RateLimit({
+ windowMs: RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS,
+ max: RATES_LIMIT.ASK_SEND_EMAIL.MAX,
+ delayMs: 0
+})
+
 const usersRouter = express.Router()
 usersRouter.use('/', meRouter)
@@ -114,7 +120,7 @@ usersRouter.post('/:id/reset-password',
 )
 usersRouter.post('/ask-send-verify-email',
- loginRateLimiter,
+ askSendEmailLimiter,
 asyncMiddleware(usersAskSendVerifyEmailValidator),
 asyncMiddleware(askSendVerifyUserEmail)
 )
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 16d8dca68..536d99713 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -364,6 +364,10 @@ const RATES_LIMIT = {
 LOGIN: {
 WINDOW_MS: 5 * 60 * 1000, // 5 minutes
 MAX: 15 // 15 attempts
+ },
+ ASK_SEND_EMAIL: {
+ WINDOW_MS: 5 * 60 * 1000, // 5 minutes
+ MAX: 3 // 3 attempts
 }
 }
--
2.25.1
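Review bot: `askSendEmailLimiter` in the first hunk of `server/controllers/api/users/index.ts` is built without a `keyGenerator`, so if `RateLimit` is express-rate-limit (the import is outside the hunk) it buckets requests by `req.ip`. Behind a reverse proxy that only works when Express's `trust proxy` setting matches the deployment, which is not visible here. If it is unset, every client shares the proxy address and three requests exhaust the budget for all users for five minutes. If it trusts too broadly, a client-supplied `X-Forwarded-For` decides the bucket. I would record the dependency above the declaration, e.g. `// Per-IP budget for verification-mail requests; correct only when 'trust proxy' is set for the reverse proxy in front of the server`.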
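Review bot: On the `/ask-send-verify-email` route in the second hunk, the new limiter bounds requests per client rather than mails per recipient, so the same mailbox can still receive more than `RATES_LIMIT.ASK_SEND_EMAIL.MAX` messages per window when requests arrive from several addresses. Whether `askSendVerifyUserEmail` (defined outside this hunk) applies its own per-user cooldown cannot be seen here. If it does not, a per-account check in that handler would close the gap. The limiter also runs before `usersAskSendVerifyEmailValidator`, so malformed requests consume the budget too; if that is intended, a short comment on the route such as `// limiter first: invalid requests count against the budget as well` would make it explicit.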