Stricter rate limit for login (#4718)
parent
723cb549d4
commit
49bb17b583
|
@ -262,12 +262,22 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimitCell) {
|
||||||
// User
|
// User
|
||||||
.service(
|
.service(
|
||||||
// Account action, I don't like that it's in /user maybe /accounts
|
// Account action, I don't like that it's in /user maybe /accounts
|
||||||
// Handle /user/register separately to add the register() rate limitter
|
// Handle /user/register separately to add the register() rate limiter
|
||||||
web::resource("/user/register")
|
web::resource("/user/register")
|
||||||
.guard(guard::Post())
|
.guard(guard::Post())
|
||||||
.wrap(rate_limit.register())
|
.wrap(rate_limit.register())
|
||||||
.route(web::post().to(register)),
|
.route(web::post().to(register)),
|
||||||
)
|
)
|
||||||
|
// User
|
||||||
|
.service(
|
||||||
|
// Handle /user/login separately to add the register() rate limiter
|
||||||
|
// TODO: pretty annoying way to apply rate limits for register and login, we should
|
||||||
|
// group them under a common path so that rate limit is only applied once (eg under /account).
|
||||||
|
web::resource("/user/login")
|
||||||
|
.guard(guard::Post())
|
||||||
|
.wrap(rate_limit.register())
|
||||||
|
.route(web::post().to(login)),
|
||||||
|
)
|
||||||
.service(
|
.service(
|
||||||
// Handle captcha separately
|
// Handle captcha separately
|
||||||
web::resource("/user/get_captcha")
|
web::resource("/user/get_captcha")
|
||||||
|
@ -306,7 +316,6 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimitCell) {
|
||||||
.route("/banned", web::get().to(list_banned_users))
|
.route("/banned", web::get().to(list_banned_users))
|
||||||
.route("/block", web::post().to(block_person))
|
.route("/block", web::post().to(block_person))
|
||||||
// TODO Account actions. I don't like that they're in /user maybe /accounts
|
// TODO Account actions. I don't like that they're in /user maybe /accounts
|
||||||
.route("/login", web::post().to(login))
|
|
||||||
.route("/logout", web::post().to(logout))
|
.route("/logout", web::post().to(logout))
|
||||||
.route("/delete_account", web::post().to(delete_account))
|
.route("/delete_account", web::post().to(delete_account))
|
||||||
.route("/password_reset", web::post().to(reset_password))
|
.route("/password_reset", web::post().to(reset_password))
|
||||||
|
|
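Review bot: The new `/user/login` resource is wrapped with `rate_limit.register()`, so logins and registrations appear to draw from one shared bucket instead of login having its own threshold; for clients behind a shared address, a few failed logins could use up the sign-up allowance, and the reverse. If the sharing is intended, say so next to the wrap, for example `// Login deliberately shares the register() bucket with /user/register`; if the two need different limits, the limiter needs a separate login bucket. In the second hunk `/password_reset` stays in the general `/user` scope, whose limiter is not visible here, so it is worth confirming that this equally sensitive endpoint is covered by a limit at least as strict as login. How the limiter keys clients is also outside the hunk; if it is per address only, a per-account failed-login throttle would still be needed to slow guessing spread across many addresses. The body of `config` starts and ends outside both hunks.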