Adding a captcha rate limit. Fixes #1755

2021-11-22 15:08:25 -05:00 · 2021-11-22 15:08:25 -05:00 · 26bd4083e0
parent 3e062a9959
commit 26bd4083e0
2 changed files with 10 additions and 2 deletions
--- a/crates/websocket/src/chat_server.rs
+++ b/crates/websocket/src/chat_server.rs
@ -491,7 +491,10 @@ impl ChatServer {
      } else {
        let user_operation = UserOperation::from_str(op)?;
        let fut = (message_handler)(context, msg.id, user_operation.clone(), data);
-        rate_limiter.message().wrap(ip, fut).await
+        match user_operation {
+          UserOperation::GetCaptcha => rate_limiter.image().wrap(ip, fut).await,
+          _ => rate_limiter.message().wrap(ip, fut).await,
+        }
      }
    }
  }
--- a/src/api_routes.rs
+++ b/src/api_routes.rs
@ -156,6 +156,12 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimit) {
          .wrap(rate_limit.register())
          .route(web::post().to(route_post_crud::<Register>)),
      )
+      .service(
+        // Handle captcha separately
+        web::resource("/user/get_captcha")
+          .wrap(rate_limit.image())
+          .route(web::get().to(route_get::<GetCaptcha>)),
+      )
      // User actions
      .service(
        web::scope("/user")
@ -173,7 +179,6 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimit) {
          .route("/block", web::post().to(route_post::<BlockPerson>))
          // Account actions. I don't like that they're in /user maybe /accounts
          .route("/login", web::post().to(route_post::<Login>))
-          .route("/get_captcha", web::get().to(route_get::<GetCaptcha>))
          .route(
            "/delete_account",
            web::post().to(route_post_crud::<DeleteAccount>),