feat: enable rate limit for unauthenticated routes

2021-11-14 20:42:33 +01:00 · 2021-11-14 20:42:33 +01:00 · 093d0c65ca
parent da2d5e41c7
commit 093d0c65ca
2 changed files with 39 additions and 24 deletions
--- a/pkg/routes/rate_limit.go
+++ b/pkg/routes/rate_limit.go
@ -74,29 +74,33 @@ func RateLimit(rateLimiter *limiter.Limiter, rateLimitKind string) echo.Middlewa
 	}
 }
 func createRateLimiter(rate limiter.Rate) *limiter.Limiter {
 	var store limiter.Store
 	var err error
 	switch config.RateLimitStore.GetString() {
 	case "memory":
 		store = memory.NewStore()
 	case "redis":
 		if !config.RedisEnabled.GetBool() {
 			log.Fatal("Redis is configured for rate limiting, but not enabled!")
 		}
 		store, err = redis.NewStore(red.GetRedis())
 		if err != nil {
 			log.Fatalf("Error while creating rate limit redis store: %s", err)
 		}
 	default:
 		log.Fatalf("Unknown Rate limit store \"%s\"", config.RateLimitStore.GetString())
 	}
 	return limiter.New(store, rate)
 }
 func setupRateLimit(a *echo.Group, rateLimitKind string) {
 	if config.RateLimitEnabled.GetBool() {
 		rate := limiter.Rate{
 			Period: config.RateLimitPeriod.GetDuration() * time.Second,
 			Limit:  config.RateLimitLimit.GetInt64(),
 		}
-		var store limiter.Store
+		rateLimiter := createRateLimiter(rate)
 		var err error
 		switch config.RateLimitStore.GetString() {
 		case "memory":
 			store = memory.NewStore()
 		case "redis":
 			if !config.RedisEnabled.GetBool() {
 				log.Fatal("Redis is configured for rate limiting, but not enabled!")
 			}
 			store, err = redis.NewStore(red.GetRedis())
 			if err != nil {
 				log.Fatalf("Error while creating rate limit redis store: %s", err)
 			}
 		default:
 			log.Fatalf("Unknown Rate limit store \"%s\"", config.RateLimitStore.GetString())
 		}
 		rateLimiter := limiter.New(store, rate)
 		log.Debugf("Rate limit configured with %s and %v requests per %v", config.RateLimitStore.GetString(), rate.Limit, rate.Period)
 		a.Use(RateLimit(rateLimiter, rateLimitKind))
 	}
--- a/pkg/routes/routes.go
+++ b/pkg/routes/routes.go
@ -52,6 +52,8 @@ import (
 	"strings"
 	"time"
 	"github.com/ulule/limiter/v3"
 	vikunja_file "code.vikunja.io/api/pkg/modules/migration/vikunja-file"
 	"code.vikunja.io/api/pkg/config"
@ -235,17 +237,26 @@ func registerAPIRoutes(a *echo.Group) {
 	// Prometheus endpoint
 	setupMetrics(n)
 	// Separate route for unauthenticated routes to enable rate limits for it
 	ur := a.Group("")
 	rate := limiter.Rate{
 		Period: 60 * time.Second,
 		Limit:  10,
 	}
 	rateLimiter := createRateLimiter(rate)
 	ur.Use(RateLimit(rateLimiter, "ip"))
 	if config.AuthLocalEnabled.GetBool() {
 		// User stuff
-		n.POST("/login", apiv1.Login)
+		ur.POST("/login", apiv1.Login)
-		n.POST("/register", apiv1.RegisterUser)
+		ur.POST("/register", apiv1.RegisterUser)
-		n.POST("/user/password/token", apiv1.UserRequestResetPasswordToken)
+		ur.POST("/user/password/token", apiv1.UserRequestResetPasswordToken)
-		n.POST("/user/password/reset", apiv1.UserResetPassword)
+		ur.POST("/user/password/reset", apiv1.UserResetPassword)
-		n.POST("/user/confirm", apiv1.UserConfirmEmail)
+		ur.POST("/user/confirm", apiv1.UserConfirmEmail)
 	}
 	if config.AuthOpenIDEnabled.GetBool() {
-		n.POST("/auth/openid/:provider/callback", openid.HandleCallback)
+		ur.POST("/auth/openid/:provider/callback", openid.HandleCallback)
 	}
 	// Testing
@ -261,7 +272,7 @@ func registerAPIRoutes(a *echo.Group) {
 	// Link share auth
 	if config.ServiceEnableLinkSharing.GetBool() {
-		n.POST("/shares/:share/auth", apiv1.AuthenticateLinkShare)
+		ur.POST("/shares/:share/auth", apiv1.AuthenticateLinkShare)
 	}
 	// ===== Routes with Authetication =====