yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-12-17 18:25:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add rate limit on auth routes

Browse Source
This commit is contained in:
Jim LAURIE 2018-08-01 14:56:31 +02:00
parent 6c091378a8
commit 738cbf656a
25 changed files with 41 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
packages/strapi-email-amazon-ses/package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "strapi-email-amazon-ses", "name": "strapi-email-amazon-ses",
"version": "3.0.0-alpha.13", "version": "3.0.0-alpha.13.0.1",
"description": "Amazon SES provider for strapi email", "description": "Amazon SES provider for strapi email",
"homepage": "http://strapi.io", "homepage": "http://strapi.io",
"keywords": [ "keywords": [

1
packages/strapi-plugin-users-permissions/admin/src/translations/en.json
View File

@ -45,6 +45,7 @@
"Auth.form.error.params.provide": "Incorrect params provided.", "Auth.form.error.params.provide": "Incorrect params provided.",
"Auth.form.error.username.taken": "Username is already taken", "Auth.form.error.username.taken": "Username is already taken",
"Auth.form.error.email.taken": "Email is already taken", "Auth.form.error.email.taken": "Email is already taken",
"Auth.form.error.ratelimit": "Too many attempts, please try again in a minute.",
"Auth.link.forgot-password": "Forgot your password?", "Auth.link.forgot-password": "Forgot your password?",
"Auth.link.ready": "Ready to sign in?", "Auth.link.ready": "Ready to sign in?",

12
packages/strapi-plugin-users-permissions/config/policies/rateLimit.js Normal file
View File

@ -0,0 +1,12 @@
const RateLimit = require('koa2-ratelimit').RateLimit;
module.exports = async (ctx, next) => {
const message = ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.ratelimit' }] }] : 'Too many attempts, please try again in a minute.';
return RateLimit.middleware({
interval: 1*60*1000,
max: 5,
prefixKey: `${ctx.request.url}:${ctx.request.ip}`,
message
})(ctx, next);
};

10
packages/strapi-plugin-users-permissions/config/routes.json
View File

@ -153,7 +153,7 @@
"path": "/connect/*", "path": "/connect/*",
"handler": "Auth.connect", "handler": "Auth.connect",
"config": { "config": {
"policies": [], "policies": ["plugins.users-permissions.ratelimit"],
"prefix": "" "prefix": ""
} }
}, },
@ -162,7 +162,7 @@
"path": "/auth/local", "path": "/auth/local",
"handler": "Auth.callback", "handler": "Auth.callback",
"config": { "config": {
"policies": [], "policies": ["plugins.users-permissions.ratelimit"],
"prefix": "" "prefix": ""
} }
}, },
@ -171,7 +171,7 @@
"path": "/auth/local/register", "path": "/auth/local/register",
"handler": "Auth.register", "handler": "Auth.register",
"config": { "config": {
"policies": [], "policies": ["plugins.users-permissions.ratelimit"],
"prefix": "" "prefix": ""
} }
}, },
@ -189,7 +189,7 @@
"path": "/auth/forgot-password", "path": "/auth/forgot-password",
"handler": "Auth.forgotPassword", "handler": "Auth.forgotPassword",
"config": { "config": {
"policies": [], "policies": ["plugins.users-permissions.ratelimit"],
"prefix": "" "prefix": ""
} }
}, },
@ -198,7 +198,7 @@
"path": "/auth/reset-password", "path": "/auth/reset-password",
"handler": "Auth.changePassword", "handler": "Auth.changePassword",
"config": { "config": {
"policies": [], "policies": ["plugins.users-permissions.ratelimit"],
"prefix": "" "prefix": ""
} }
}, },

1
packages/strapi-plugin-users-permissions/package.json
View File

@ -26,6 +26,7 @@
"grant-koa": "^3.8.1", "grant-koa": "^3.8.1",
"jsonwebtoken": "^8.1.0", "jsonwebtoken": "^8.1.0",
"koa": "^2.1.0", "koa": "^2.1.0",
"koa2-ratelimit": "^0.6.1",
"purest": "^2.0.1", "purest": "^2.0.1",
"request": "^2.83.0", "request": "^2.83.0",
"uuid": "^3.1.0" "uuid": "^3.1.0"

2
packages/strapi-plugin-users-permissions/services/Providers.js
View File

@ -134,7 +134,7 @@ const getProfile = async (provider, query, callback) => {
callback(err); callback(err);
} else { } else {
// Combine username and discriminator because discord username is not unique // Combine username and discriminator because discord username is not unique
var username = body.username + '#' + body.discriminator; var username = `${body.username}#${body.discriminator}`;
callback(null, { callback(null, {
username: username, username: username,
email: body.email email: body.email