Rate limit failed logins.
parent
6271588056
commit
1f27b0fb2f
|
@ -72,10 +72,19 @@ def check_for_alts(current:User):
|
||||||
g.db.add(u)
|
g.db.add(u)
|
||||||
|
|
||||||
|
|
||||||
|
def login_deduct_when(resp):
|
||||||
|
if not g:
|
||||||
|
return False
|
||||||
|
elif not hasattr(g, 'login_failed'):
|
||||||
|
return False
|
||||||
|
return g.login_failed
|
||||||
|
|
||||||
@app.post("/login")
|
@app.post("/login")
|
||||||
@limiter.limit("1/5 seconds;6/minute;100/hour;500/day")
|
@limiter.limit("1/5 seconds;6/minute;15/hour;15/day",
|
||||||
|
deduct_when=login_deduct_when)
|
||||||
def login_post():
|
def login_post():
|
||||||
template = ''
|
template = ''
|
||||||
|
g.login_failed = True
|
||||||
|
|
||||||
username = request.values.get("username")
|
username = request.values.get("username")
|
||||||
|
|
||||||
|
@ -104,6 +113,7 @@ def login_post():
|
||||||
if account.mfa_secret:
|
if account.mfa_secret:
|
||||||
now = int(time.time())
|
now = int(time.time())
|
||||||
hash = generate_hash(f"{account.id}+{now}+2fachallenge")
|
hash = generate_hash(f"{account.id}+{now}+2fachallenge")
|
||||||
|
g.login_failed = False
|
||||||
return render_template("login_2fa.html",
|
return render_template("login_2fa.html",
|
||||||
v=account,
|
v=account,
|
||||||
time=now,
|
time=now,
|
||||||
|
@ -135,6 +145,7 @@ def login_post():
|
||||||
else:
|
else:
|
||||||
abort(400)
|
abort(400)
|
||||||
|
|
||||||
|
g.login_failed = False
|
||||||
on_login(account)
|
on_login(account)
|
||||||
|
|
||||||
redir = request.values.get("redirect")
|
redir = request.values.get("redirect")
|
||||||
|
@ -160,6 +171,7 @@ def on_login(account, redir=None):
|
||||||
if account.id == AEVANN_ID: session["verified"] = time.time()
|
if account.id == AEVANN_ID: session["verified"] = time.time()
|
||||||
check_for_alts(account)
|
check_for_alts(account)
|
||||||
|
|
||||||
|
|
||||||
@app.get("/me")
|
@app.get("/me")
|
||||||
@app.get("/@me")
|
@app.get("/@me")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
|
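Review bot: The failed-login budget introduced on the new `@limiter.limit("1/5 seconds;6/minute;15/hour;15/day", deduct_when=login_deduct_when)` line is keyed however `limiter` was configured at construction, which these hunks do not show; if that is the Flask-Limiter default (the client address), the quota neither slows a distributed guess spread across addresses against a single account nor separates one abusive client from the other users behind a shared address, so a second limit keyed on the submitted account (a `key_func` reading `request.values.get("username")`) alongside the address-keyed one would be worth adding. The limit string is also effectively `15/day`, since the hourly and daily caps are equal. `login_deduct_when` can collapse to `return getattr(g, 'login_failed', False)`; the `if not g:` branch looks unreachable because `g` raises `RuntimeError` outside an application context rather than evaluating falsy, though that is worth confirming against the Flask version in use. `login_post` and `on_login` both continue outside these hunks, so whether every remaining failure path leaves `g.login_failed` at `True` and every success path resets it is not visible here.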