[#1260] Rate-limiting for create authentication and related requests.

2019-09-17 16:16:11 +03:00 · 2019-09-17 16:16:11 +03:00 · e7afb67c5c
commit e7afb67c5c
parent a58f29b826
4 changed files with 15 additions and 2 deletions
--- a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
+++ b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
@ -4,10 +4,15 @@

 defmodule Pleroma.Web.MongooseIM.MongooseIMController do
  use Pleroma.Web, :controller
+
  alias Comeonin.Pbkdf2
+  alias Pleroma.Plugs.RateLimiter
  alias Pleroma.Repo
  alias Pleroma.User

+  plug(RateLimiter, :authentication when action in [:user_exists, :check_password])
+  plug(RateLimiter, {:authentication, params: ["user"]} when action == :check_password)
+
  def user_exists(conn, %{"user" => username}) do
    with %User{} <- Repo.get_by(User, nickname: username, local: true) do
      conn