feat: make unauthenticated user routes rate limit configurable
parent
f26f1326ea
commit
c6c465c273
@ -191,6 +191,10 @@ ratelimit:
|
||||
# Possible values are "keyvalue", "memory" or "redis".
|
||||
# When choosing "keyvalue" this setting follows the one configured in the "keyvalue" section.
|
||||
store: keyvalue
|
||||
# The number of requests a user can make from the same IP to all unauthenticated routes (login, register,
|
||||
# password confirmation, email verification, password reset request) per minute. This limit cannot be disabled.
|
||||
# You should only change this if you know what you're doing.
|
||||
noauthlimit: 10
|
||||
|
||||
files:
|
||||
# The path where files are stored
|
||||
|
@ -969,6 +969,19 @@ Full path: `ratelimit.store`
|
||||
Environment path: `VIKUNJA_RATELIMIT_STORE`
|
||||
|
||||
|
||||
### noauthlimit
|
||||
|
||||
The number of requests a user can make from the same IP to all unauthenticated routes (login, register,
|
||||
password confirmation, email verification, password reset request) per minute. This limit cannot be disabled.
|
||||
You should only change this if you know what you're doing.
|
||||
|
||||
Default: `10`
|
||||
|
||||
Full path: `ratelimit.noauthlimit`
|
||||
|
||||
Environment path: `VIKUNJA_RATELIMIT_NOAUTHLIMIT`
|
||||
|
||||
|
||||
---
|
||||
|
||||
## files
|
||||
|
@ -122,11 +122,12 @@ const (
|
||||
LogMail Key = `log.mail`
|
||||
LogMailLevel Key = `log.maillevel`
|
||||
|
||||
RateLimitEnabled Key = `ratelimit.enabled`
|
||||
RateLimitKind Key = `ratelimit.kind`
|
||||
RateLimitPeriod Key = `ratelimit.period`
|
||||
RateLimitLimit Key = `ratelimit.limit`
|
||||
RateLimitStore Key = `ratelimit.store`
|
||||
RateLimitEnabled Key = `ratelimit.enabled`
|
||||
RateLimitKind Key = `ratelimit.kind`
|
||||
RateLimitPeriod Key = `ratelimit.period`
|
||||
RateLimitLimit Key = `ratelimit.limit`
|
||||
RateLimitStore Key = `ratelimit.store`
|
||||
RateLimitNoAuthRoutesLimit Key = `ratelimit.noauthlimit`
|
||||
|
||||
FilesBasePath Key = `files.basepath`
|
||||
FilesMaxSize Key = `files.maxsize`
|
||||
@ -367,6 +368,7 @@ func InitDefaultConfig() {
|
||||
RateLimitLimit.setDefault(100)
|
||||
RateLimitPeriod.setDefault(60)
|
||||
RateLimitStore.setDefault("memory")
|
||||
RateLimitNoAuthRoutesLimit.setDefault(10)
|
||||
// Files
|
||||
FilesBasePath.setDefault("files")
|
||||
FilesMaxSize.setDefault("20MB")
|
||||
|
@ -246,7 +246,7 @@ func registerAPIRoutes(a *echo.Group) {
|
||||
ur := a.Group("")
|
||||
rate := limiter.Rate{
|
||||
Period: 60 * time.Second,
|
||||
Limit: 10,
|
||||
Limit: config.RateLimitNoAuthRoutesLimit.GetInt64(),
|
||||
}
|
||||
rateLimiter := createRateLimiter(rate)
|
||||
ur.Use(RateLimit(rateLimiter, "ip"))
|
||||
|
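Review bot: The new `Limit: config.RateLimitNoAuthRoutesLimit.GetInt64()` in registerAPIRoutes is used with no bounds check, although the documentation added in this same commit states that the limit cannot be disabled. A value of 0 or below would presumably make the limiter reject every request to the login, register and password-reset routes (this depends on how the limiter library treats a non-positive limit, which is not visible here), and a very large value effectively removes the brute-force throttle on those routes. I would read the value once and validate it before building the rate, for example `limit := config.RateLimitNoAuthRoutesLimit.GetInt64()` followed by `if limit < 1 { limit = 10 }` with a logged warning, or fail startup instead of falling back. A warning when the value is set far above the default of 10 would also help operators notice a weakened setting. registerAPIRoutes starts and ends outside this hunk.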