From e765b42d46ae6b98f1339e273c0040dc161b6023 Mon Sep 17 00:00:00 2001
From: Dessalines
Date: Thu, 25 Nov 2021 08:04:19 -0500
Subject: [PATCH] Adding a captcha rate limit. Fixes #1755 (#1941)

* Adding a captcha rate limit. Fixes #1755
* Changing to post rate limit.
---
 crates/websocket/src/chat_server.rs | 5 ++++-
 src/api_routes.rs | 7 ++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/crates/websocket/src/chat_server.rs b/crates/websocket/src/chat_server.rs
index 9fa258ff4..2b58b2c1e 100644
--- a/crates/websocket/src/chat_server.rs
+++ b/crates/websocket/src/chat_server.rs
@@ -491,7 +491,10 @@ impl ChatServer {
 } else {
 let user_operation = UserOperation::from_str(op)?;
 let fut = (message_handler)(context, msg.id, user_operation.clone(), data);
- rate_limiter.message().wrap(ip, fut).await
+ match user_operation {
+ UserOperation::GetCaptcha => rate_limiter.post().wrap(ip, fut).await,
+ _ => rate_limiter.message().wrap(ip, fut).await,
+ }
 }
 }
 }
diff --git a/src/api_routes.rs b/src/api_routes.rs
index 9f06c5bef..ae5fa40c1 100644
--- a/src/api_routes.rs
+++ b/src/api_routes.rs
@@ -161,6 +161,12 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimit) {
 .wrap(rate_limit.register())
 .route(web::post().to(route_post_crud::)),
 )
+ .service(
+ // Handle captcha separately
+ web::resource("/user/get_captcha")
+ .wrap(rate_limit.post())
+ .route(web::get().to(route_get::)),
+ )
 // User actions
 .service(
 web::scope("/user")
@@ -178,7 +184,6 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimit) {
 .route("/block", web::post().to(route_post::))
 // Account actions. I don't like that they're in /user maybe /accounts
 .route("/login", web::post().to(route_post::))
- .route("/get_captcha", web::get().to(route_get::))
 .route(
 "/delete_account",
 web::post().to(route_post_crud::),
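Review bot: The new `match user_operation` in chat_server.rs sends `GetCaptcha` through `rate_limiter.post()`, and because `wrap(ip, fut)` keys the limiter on the client address, captcha fetches presumably draw from the same per-IP quota as whatever else uses the post bucket (not visible in this hunk). If so, clients behind one NAT or proxy address that reload the captcha can use up each other's posting allowance. A dedicated captcha bucket would avoid that coupling; otherwise the arm deserves a comment such as `// GetCaptcha shares the per-IP post bucket instead of the default message bucket (#1755)`. The wildcard arm also means any operation added later lands in the message bucket unless it is listed here explicitly. The enclosing function starts and ends outside the hunk.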
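Review bot: The `/user/get_captcha` resource added at -161 in src/api_routes.rs depends on being registered ahead of `web::scope("/user")`, and nothing in the code records that. actix-web tries services in registration order, and the scope would answer every path under `/user` with its own 404 if it came first, so a later reordering would make the captcha endpoint unreachable. The comment `// Handle captcha separately` could instead read `// Must stay above the /user scope, which would otherwise capture this path; uses the post limiter (#1755)`. The WebSocket path in crates/websocket/src/chat_server.rs throttles the same operation, and the two should be kept on the same bucket. `config` starts and ends outside the hunk.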