pierre/GeneIT
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add rate limiting

Browse Source
This commit is contained in:
Pierre HUBERT 2023-06-02 11:52:10 +02:00
parent 83d731c546
commit 29c0247b4b
2 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
geneit_backend/src/controllers/auth_controller.rs
View File

@ -239,8 +239,18 @@ pub struct StartOpenIDLoginResponse {
} }
/// Start OpenID login /// Start OpenID login
pub async fn start_openid_login(ip: RemoteIP, req: web::Json<StartOpenIDLoginQuery>) -> HttpResult { pub async fn start_openid_login(
let url = openid_service::start_login(&req.provider, ip.0).await?; remote_ip: RemoteIP,
req: web::Json<StartOpenIDLoginQuery>,
) -> HttpResult {
// Rate limiting
if rate_limiter_service::should_block_action(remote_ip.0, RatedAction::StartOpenIDLogin).await?
{
return Ok(HttpResponse::TooManyRequests().finish());
}
rate_limiter_service::record_action(remote_ip.0, RatedAction::StartOpenIDLogin).await?;
let url = openid_service::start_login(&req.provider, remote_ip.0).await?;
Ok(HttpResponse::Ok().json(StartOpenIDLoginResponse { url })) Ok(HttpResponse::Ok().json(StartOpenIDLoginResponse { url }))
} }

3
geneit_backend/src/services/rate_limiter_service.rs
View File

@ -9,6 +9,7 @@ pub enum RatedAction {
CheckResetPasswordTokenFailed, CheckResetPasswordTokenFailed,
RequestNewPasswordResetLink, RequestNewPasswordResetLink,
FailedPasswordLogin, FailedPasswordLogin,
StartOpenIDLogin,
} }
impl RatedAction { impl RatedAction {
@ -18,6 +19,7 @@ impl RatedAction {
RatedAction::CheckResetPasswordTokenFailed => "check-reset-password-token", RatedAction::CheckResetPasswordTokenFailed => "check-reset-password-token",
RatedAction::RequestNewPasswordResetLink => "req-pwd-reset-lnk", RatedAction::RequestNewPasswordResetLink => "req-pwd-reset-lnk",
RatedAction::FailedPasswordLogin => "failed-login", RatedAction::FailedPasswordLogin => "failed-login",
RatedAction::StartOpenIDLogin => "start-oidc-login",
} }
} }
@ -27,6 +29,7 @@ impl RatedAction {
RatedAction::CheckResetPasswordTokenFailed => 100, RatedAction::CheckResetPasswordTokenFailed => 100,
RatedAction::RequestNewPasswordResetLink => 5, RatedAction::RequestNewPasswordResetLink => 5,
RatedAction::FailedPasswordLogin => 15, RatedAction::FailedPasswordLogin => 15,
RatedAction::StartOpenIDLogin => 30,
} }
} }