Add rate limit on auth routes

Jim LAURIE 2018-08-01 14:56:31 +02:00
parent 6c091378a8
commit 738cbf656a
25 changed files with 41 additions and 27 deletions


@ -51,4 +51,4 @@
"npm": ">= 5.0.0"
},
"license": "MIT"
}
}


@ -1,6 +1,6 @@
{
"name": "strapi-email-amazon-ses",
"version": "3.0.0-alpha.13",
"version": "3.0.0-alpha.13.0.1",
"description": "Amazon SES provider for strapi email",
"homepage": "http://strapi.io",
"keywords": [
@ -42,4 +42,4 @@
"npm": ">= 5.3.0"
},
"license": "MIT"
}
}


@ -42,4 +42,4 @@
"npm": ">= 5.3.0"
},
"license": "MIT"
}
}


@ -42,4 +42,4 @@
"npm": ">= 5.3.0"
},
"license": "MIT"
}
}


@ -41,4 +41,4 @@
"npm": ">= 5.3.0"
},
"license": "MIT"
}
}


@ -42,4 +42,4 @@
"npm": ">= 5.3.0"
},
"license": "MIT"
}
}


@ -43,4 +43,4 @@
"npm": ">= 5.3.0"
},
"license": "MIT"
}
}


@ -115,4 +115,4 @@
"webpack-hot-middleware": "^2.18.2",
"whatwg-fetch": "^2.0.3"
}
}
}


@ -43,4 +43,4 @@
"npm": ">= 5.0.0"
},
"license": "MIT"
}
}


@ -45,4 +45,4 @@
"npm": ">= 5.3.0"
},
"license": "MIT"
}
}


@ -44,4 +44,4 @@
"npm": ">= 5.3.0"
},
"license": "MIT"
}
}


@ -41,4 +41,4 @@
"babel-eslint": "^8.2.3",
"prettier": "^1.12.1"
}
}
}


@ -43,4 +43,4 @@
"npm": ">= 5.3.0"
},
"license": "MIT"
}
}


@ -49,4 +49,4 @@
"npm": ">= 5.3.0"
},
"license": "MIT"
}
}


@ -45,6 +45,7 @@
"Auth.form.error.params.provide": "Incorrect params provided.",
"Auth.form.error.username.taken": "Username is already taken",
"Auth.form.error.email.taken": "Email is already taken",
"Auth.form.error.ratelimit": "Too many attempts, please try again in a minute.",
"Auth.link.forgot-password": "Forgot your password?",
"Auth.link.ready": "Ready to sign in?",


@ -0,0 +1,12 @@
const RateLimit = require('koa2-ratelimit').RateLimit;
module.exports = async (ctx, next) => {
const message = ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.ratelimit' }] }] : 'Too many attempts, please try again in a minute.';
return RateLimit.middleware({
interval: 1*60*1000,
max: 5,
prefixKey: `${ctx.request.url}:${ctx.request.ip}`,
message
})(ctx, next);
};
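Review bot: The bucket key on the `prefixKey` line is built from `ctx.request.url`, which still carries the query string, so a client can reset its budget at will by varying a parameter (`/auth/local?a=1`, `?a=2`, …) and each variant lands in a fresh counter; key on the path instead, `prefixKey: \`${ctx.request.path}:${ctx.request.ip}\``. `ctx.request.ip` is only the real client address when the app is configured to trust its reverse proxy; otherwise every user behind a load balancer shares one bucket, which is worth confirming in the deployment since that setting is not visible here. Because a new middleware is constructed on every request, the counts live in whatever store koa2-ratelimit supplies by default (an in-process memory store, as far as I can tell), so they are neither shared between instances nor kept across restarts, and a multi-node deployment will need a shared store for this limit to hold. Keying on IP alone also leaves a credential-stuffing attacker free to spread attempts across addresses; for `/auth/local` pairing the key with the submitted identifier would tighten it, at the usual cost of a lockout-by-email trade-off.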


@ -153,7 +153,7 @@
"path": "/connect/*",
"handler": "Auth.connect",
"config": {
"policies": [],
"policies": ["plugins.users-permissions.ratelimit"],
"prefix": ""
}
},
@ -162,7 +162,7 @@
"path": "/auth/local",
"handler": "Auth.callback",
"config": {
"policies": [],
"policies": ["plugins.users-permissions.ratelimit"],
"prefix": ""
}
},
@ -171,7 +171,7 @@
"path": "/auth/local/register",
"handler": "Auth.register",
"config": {
"policies": [],
"policies": ["plugins.users-permissions.ratelimit"],
"prefix": ""
}
},
@ -189,7 +189,7 @@
"path": "/auth/forgot-password",
"handler": "Auth.forgotPassword",
"config": {
"policies": [],
"policies": ["plugins.users-permissions.ratelimit"],
"prefix": ""
}
},
@ -198,7 +198,7 @@
"path": "/auth/reset-password",
"handler": "Auth.changePassword",
"config": {
"policies": [],
"policies": ["plugins.users-permissions.ratelimit"],
"prefix": ""
}
},
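Review bot: The same policy, with its fixed five-attempts-per-minute budget, is attached to every route in these hunks from `/connect/*` through `/auth/reset-password`, with no per-route tuning. Since the policy keys on the request URL, each route gets its own budget, so one IP still gets five login, five registration, five forgot-password and five reset attempts per minute; if a single budget across the auth surface was intended, the key must drop the URL component. Consider reading `interval` and `max` from the plugin's configuration so operators can adjust them per deployment without editing the policy.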


@ -26,6 +26,7 @@
"grant-koa": "^3.8.1",
"jsonwebtoken": "^8.1.0",
"koa": "^2.1.0",
"koa2-ratelimit": "^0.6.1",
"purest": "^2.0.1",
"request": "^2.83.0",
"uuid": "^3.1.0"


@ -134,7 +134,7 @@ const getProfile = async (provider, query, callback) => {
callback(err);
} else {
// Combine username and discriminator because discord username is not unique
var username = body.username + '#' + body.discriminator;
var username = `${body.username}#${body.discriminator}`;
callback(null, {
username: username,
email: body.email


@ -43,4 +43,4 @@
"npm": ">= 5.3.0"
},
"license": "MIT"
}
}


@ -43,4 +43,4 @@
"npm": ">= 5.3.0"
},
"license": "MIT"
}
}


@ -39,4 +39,4 @@
"npm": ">= 5.3.0"
},
"license": "MIT"
}
}


@ -13,4 +13,4 @@
"pkgcloud": "^1.5.0",
"streamifier": "^0.1.1"
}
}
}


@ -49,4 +49,4 @@
"npm": ">= 5.3.0"
},
"license": "MIT"
}
}


@ -91,4 +91,4 @@
},
"preferGlobal": true,
"license": "MIT"
}
}