From 29c0247b4bf0b6c5de2fdd11dc6f319937f7b80a Mon Sep 17 00:00:00 2001
From: Pierre Hubert
Date: Fri, 2 Jun 2023 11:52:10 +0200
Subject: [PATCH] Add rate limiting
---
 geneit_backend/src/controllers/auth_controller.rs | 14 ++++++++++++--
 .../src/services/rate_limiter_service.rs | 3 +++
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/geneit_backend/src/controllers/auth_controller.rs b/geneit_backend/src/controllers/auth_controller.rs
index cb4e418..7b536cc 100644
--- a/geneit_backend/src/controllers/auth_controller.rs
+++ b/geneit_backend/src/controllers/auth_controller.rs
@@ -239,8 +239,18 @@ pub struct StartOpenIDLoginResponse {
 }
 
 /// Start OpenID login
-pub async fn start_openid_login(ip: RemoteIP, req: web::Json) -> HttpResult {
-    let url = openid_service::start_login(&req.provider, ip.0).await?;
+pub async fn start_openid_login(
+    remote_ip: RemoteIP,
+    req: web::Json,
+) -> HttpResult {
+    // Rate limiting
+    if rate_limiter_service::should_block_action(remote_ip.0, RatedAction::StartOpenIDLogin).await?
+    {
+        return Ok(HttpResponse::TooManyRequests().finish());
+    }
+    rate_limiter_service::record_action(remote_ip.0, RatedAction::StartOpenIDLogin).await?;
+
+    let url = openid_service::start_login(&req.provider, remote_ip.0).await?;
     Ok(HttpResponse::Ok().json(StartOpenIDLoginResponse { url }))
 }
 
diff --git a/geneit_backend/src/services/rate_limiter_service.rs b/geneit_backend/src/services/rate_limiter_service.rs
index 18c51ed..e819029 100644
--- a/geneit_backend/src/services/rate_limiter_service.rs
+++ b/geneit_backend/src/services/rate_limiter_service.rs
@@ -9,6 +9,7 @@ pub enum RatedAction {
     CheckResetPasswordTokenFailed,
     RequestNewPasswordResetLink,
     FailedPasswordLogin,
+    StartOpenIDLogin,
 }
 
 impl RatedAction {
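Review bot: The decision in `should_block_action` and the increment in `record_action` are two separate awaits in the new `start_openid_login` body, so concurrent requests from one address that all pass the check before any record lands can overshoot the configured limit; if the backing store allows it, the limiter service should offer a single increment-and-compare step, or at minimum the action should be recorded before the decision so that blocked attempts also count. Because both calls propagate errors with `?`, an unreachable limiter store fails closed and refuses every OpenID login start — a defensible default for an unauthenticated endpoint, but it deserves a comment such as `// Limiter errors fail closed: login start is refused if the rate-limit store is unreachable.` so the availability coupling is deliberate rather than accidental. The limit is only as strong as the key it is applied to; how `RemoteIP` is derived is not visible here, and if it is taken from forwarded-for headers without a trusted-proxy check the key is client-controlled, which should be confirmed where that extractor is defined. A `Retry-After` header on the 429 response would let well-behaved clients back off instead of retrying immediately.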
@@ -18,6 +19,7 @@ impl RatedAction {
             RatedAction::CheckResetPasswordTokenFailed => "check-reset-password-token",
             RatedAction::RequestNewPasswordResetLink => "req-pwd-reset-lnk",
             RatedAction::FailedPasswordLogin => "failed-login",
+            RatedAction::StartOpenIDLogin => "start-oidc-login",
         }
     }
 
@@ -27,6 +29,7 @@ impl RatedAction {
             RatedAction::CheckResetPasswordTokenFailed => 100,
             RatedAction::RequestNewPasswordResetLink => 5,
             RatedAction::FailedPasswordLogin => 15,
+            RatedAction::StartOpenIDLogin => 30,
         }
     }
 
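Review bot: The new arm `RatedAction::StartOpenIDLogin => 30` grants the largest allowance of any rated action except the failed-token check, yet starting an OpenID login is unauthenticated and, given that `openid_service::start_login` runs after the check in the controller, presumably creates pending login state on the server per call (to be confirmed in that service). The number should be justified against that cost with a doc comment on the variant in the enum hunk above, e.g. `/// Unauthenticated; bounds per-IP creation of pending OpenID login state.`, and the time window the count applies to should be named where the method owning this match is declared, since that method starts outside the hunk and the window is not visible here.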