Add rate limit on auth routes

This commit is contained in:
Jim LAURIE 2018-08-01 14:56:31 +02:00
parent 6c091378a8
commit 738cbf656a
25 changed files with 41 additions and 27 deletions


@ -1,6 +1,6 @@
{
"name": "strapi-email-amazon-ses",
"version": "3.0.0-alpha.13",
"version": "3.0.0-alpha.13.0.1",
"description": "Amazon SES provider for strapi email",
"homepage": "http://strapi.io",
"keywords": [


@ -45,6 +45,7 @@
"Auth.form.error.params.provide": "Incorrect params provided.",
"Auth.form.error.username.taken": "Username is already taken",
"Auth.form.error.email.taken": "Email is already taken",
"Auth.form.error.ratelimit": "Too many attempts, please try again in a minute.",
"Auth.link.forgot-password": "Forgot your password?",
"Auth.link.ready": "Ready to sign in?",


@ -0,0 +1,12 @@
const RateLimit = require('koa2-ratelimit').RateLimit;
module.exports = async (ctx, next) => {
const message = ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.ratelimit' }] }] : 'Too many attempts, please try again in a minute.';
return RateLimit.middleware({
interval: 1*60*1000,
max: 5,
prefixKey: `${ctx.request.url}:${ctx.request.ip}`,
message
})(ctx, next);
};
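Review bot: The bucket key on the `prefixKey` line is built from `ctx.request.url`, which in Koa is the path plus the query string, so requests to the same auth route that differ only in their query parameters are counted in separate buckets and the 5-per-minute limit is not actually enforced per route; key on the path instead, `prefixKey: \`${ctx.request.path}:${ctx.request.ip}\`,`. The other half of the key, `ctx.request.ip`, only reflects `X-Forwarded-For` when Koa's `app.proxy` is enabled; behind a reverse proxy without it every client shares one bucket and legitimate users get locked out together, which deserves a comment next to the key such as `// keyed by client IP: set app.proxy when deployed behind a reverse proxy`. The limiter is also re-created with `RateLimit.middleware(...)` on every request, which only counts across requests if the library's default store is shared between instances — I cannot confirm that from this hunk, so either verify it or build the limiter once at module load and reuse it. Finally, `1*60*1000` would read better as a named constant, e.g. `const ONE_MINUTE_MS = 60 * 1000;`, since the user-facing message hard-codes "in a minute".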


@ -153,7 +153,7 @@
"path": "/connect/*",
"handler": "Auth.connect",
"config": {
"policies": [],
"policies": ["plugins.users-permissions.ratelimit"],
"prefix": ""
}
},
@ -162,7 +162,7 @@
"path": "/auth/local",
"handler": "Auth.callback",
"config": {
"policies": [],
"policies": ["plugins.users-permissions.ratelimit"],
"prefix": ""
}
},
@ -171,7 +171,7 @@
"path": "/auth/local/register",
"handler": "Auth.register",
"config": {
"policies": [],
"policies": ["plugins.users-permissions.ratelimit"],
"prefix": ""
}
},
@ -189,7 +189,7 @@
"path": "/auth/forgot-password",
"handler": "Auth.forgotPassword",
"config": {
"policies": [],
"policies": ["plugins.users-permissions.ratelimit"],
"prefix": ""
}
},
@ -198,7 +198,7 @@
"path": "/auth/reset-password",
"handler": "Auth.changePassword",
"config": {
"policies": [],
"policies": ["plugins.users-permissions.ratelimit"],
"prefix": ""
}
},
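Review bot: The five hunks attach the policy to `/connect/*`, `/auth/local`, `/auth/local/register`, `/auth/forgot-password` and `/auth/reset-password`, but the routes between the hunks (old lines 180–188 and anything after 204) are not visible here, so it is worth confirming that every remaining handler that issues a token or consumes a reset code carries the same `"policies": ["plugins.users-permissions.ratelimit"]` entry. Because the policy keys its bucket on the request URL, the `/connect/*` wildcard yields one counter per provider path rather than one for the whole prefix, which may be intended but should be stated in the policy's header comment.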


@ -26,6 +26,7 @@
"grant-koa": "^3.8.1",
"jsonwebtoken": "^8.1.0",
"koa": "^2.1.0",
"koa2-ratelimit": "^0.6.1",
"purest": "^2.0.1",
"request": "^2.83.0",
"uuid": "^3.1.0"


@ -134,7 +134,7 @@ const getProfile = async (provider, query, callback) => {
callback(err);
} else {
// Combine username and discriminator because discord username is not unique
var username = body.username + '#' + body.discriminator;
var username = `${body.username}#${body.discriminator}`;
callback(null, {
username: username,
email: body.email