diff options
| author | Ivan Tashkinov <ivantashkinov@gmail.com> | 2019-09-17 16:16:11 +0300 |
|---|---|---|
| committer | Ivan Tashkinov <ivantashkinov@gmail.com> | 2019-09-17 16:16:11 +0300 |
| commit | e7afb67c5c26fcb07c1f8d4390c0573cebef9520 (patch) | |
| tree | 3a651340144d4b5f799df9fe9bf4d561dc60dd51 /lib/pleroma/web | |
| parent | a58f29b826333c1ecb0907228f0e087a3ecd9778 (diff) | |
| download | pleroma-e7afb67c5c26fcb07c1f8d4390c0573cebef9520.tar.gz | |
[#1260] Rate-limiting for create authentication and related requests.
Diffstat (limited to 'lib/pleroma/web')
| -rw-r--r-- | lib/pleroma/web/mongooseim/mongoose_im_controller.ex | 5 | ||||
| -rw-r--r-- | lib/pleroma/web/oauth/oauth_controller.ex | 1 |
2 files changed, 6 insertions, 0 deletions
diff --git a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex index b786a521b..6ed181cff 100644 --- a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex +++ b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex @@ -4,10 +4,15 @@ defmodule Pleroma.Web.MongooseIM.MongooseIMController do use Pleroma.Web, :controller + alias Comeonin.Pbkdf2 + alias Pleroma.Plugs.RateLimiter alias Pleroma.Repo alias Pleroma.User + plug(RateLimiter, :authentication when action in [:user_exists, :check_password]) + plug(RateLimiter, {:authentication, params: ["user"]} when action == :check_password) + def user_exists(conn, %{"user" => username}) do with %User{} <- Repo.get_by(User, nickname: username, local: true) do conn diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index 81eae2c8b..281c7d2d8 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -24,6 +24,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do plug(:fetch_session) plug(:fetch_flash) + plug(Pleroma.Plugs.RateLimiter, :authentication when action == :create_authorization) action_fallback(Pleroma.Web.OAuth.FallbackController) |