Rate limit failed logins.
parent
6271588056
commit
1f27b0fb2f
|
@ -72,10 +72,19 @@ def check_for_alts(current:User):
|
|||
g.db.add(u)
|
||||
|
||||
|
||||
def login_deduct_when(resp):
|
||||
if not g:
|
||||
return False
|
||||
elif not hasattr(g, 'login_failed'):
|
||||
return False
|
||||
return g.login_failed
|
||||
|
||||
@app.post("/login")
|
||||
@limiter.limit("1/5 seconds;6/minute;100/hour;500/day")
|
||||
@limiter.limit("1/5 seconds;6/minute;15/hour;15/day",
|
||||
deduct_when=login_deduct_when)
|
||||
def login_post():
|
||||
template = ''
|
||||
g.login_failed = True
|
||||
|
||||
username = request.values.get("username")
|
||||
|
||||
|
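Review bot: `login_deduct_when` returns the flag straight from `g`, so any request that leaves `login_post` before one of the later `g.login_failed = False` lines (the `abort(400)` branch in a following hunk, or an unexpected exception) is charged to the failed-login limit — presumably the intended fail-closed behaviour, assuming `deduct_when` is evaluated against the final response even after `abort()`, and it deserves a docstring saying so, e.g. `"""Tell the limiter whether this response was a failed login: anything that did not explicitly clear g.login_failed counts."""`. The two-branch guard collapses to `return bool(g) and getattr(g, 'login_failed', False)`; note a `LocalProxy` is falsy only when unbound, so `if not g` only protects calls made outside a request context — confirm that case can actually occur. Both `limiter.limit` decorators rely on the limiter's default key function, which is not visible here; if that is the client address, the `15/hour;15/day` failed-login budget is shared by every user behind one address (shared NAT lockout) and does not bound failed attempts against a single account spread across many addresses, so per-account failed-attempt tracking is worth considering alongside this limit. `login_post` continues past the end of this hunk.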
@ -104,6 +113,7 @@ def login_post():
|
|||
if account.mfa_secret:
|
||||
now = int(time.time())
|
||||
hash = generate_hash(f"{account.id}+{now}+2fachallenge")
|
||||
g.login_failed = False
|
||||
return render_template("login_2fa.html",
|
||||
v=account,
|
||||
time=now,
|
||||
|
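Review bot: `g.login_failed = False` is cleared just before the 2FA challenge is rendered, and again before `on_login` in the next hunk, but neither line says why; a short comment would make the contract with `login_deduct_when` explicit, e.g. `# password accepted: rendering the 2FA challenge is not a failed attempt, so don't charge the failed-login limit`. Whether a wrong 2FA code posted back to this route leaves the flag set (and so is throttled) depends on code outside the hunk — worth confirming, since otherwise the second factor would be the one step not covered by the stricter limit. The `if account.mfa_secret:` block continues outside the hunk.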
@ -135,6 +145,7 @@ def login_post():
|
|||
else:
|
||||
abort(400)
|
||||
|
||||
g.login_failed = False
|
||||
on_login(account)
|
||||
|
||||
redir = request.values.get("redirect")
|
||||
|
@ -160,6 +171,7 @@ def on_login(account, redir=None):
|
|||
if account.id == AEVANN_ID: session["verified"] = time.time()
|
||||
check_for_alts(account)
|
||||
|
||||
|
||||
@app.get("/me")
|
||||
@app.get("/@me")
|
||||
@auth_required
|
||||
|
|