Acasă Explorează Ajutor
Autentificare
wiki
/
weseek__growi
oglindă de https://github.com/weseek/growi
2
0
Bifurcare 0
Fisiere Probleme 0 Wiki
Răsfoiți Sursa

apply rate limit

kaori 4 ani în urmă
părinte
31330eaecb
comite
24eec8ae66
3 a modificat fișierele cu 16 adăugiri și 2 ștergeri
Vedere unificată Arată Statisticile Diff
  1. 2 1
      packages/app/package.json
  2. 9 1
      packages/app/src/server/routes/index.js
  3. 5 0
      yarn.lock

+ 2 - 1
packages/app/package.json
Vizualizați fișierul 

@@ -56,8 +56,8 @@
 
     "@browser-bunyan/console-formatted-stream": "^1.6.2",
 
     "@browser-bunyan/console-formatted-stream": "^1.6.2",
 
     "@google-cloud/storage": "^5.8.5",
 
     "@google-cloud/storage": "^5.8.5",
 
     "@growi/plugin-attachment-refs": "^4.3.3-RC",
 
     "@growi/plugin-attachment-refs": "^4.3.3-RC",
 
-    "@growi/plugin-pukiwiki-like-linker": "^4.3.3-RC",
 
     "@growi/plugin-lsx": "^4.3.3-RC",
 
     "@growi/plugin-lsx": "^4.3.3-RC",
 
+    "@growi/plugin-pukiwiki-like-linker": "^4.3.3-RC",
 
     "@growi/slack": "^4.3.3-RC",
 
     "@growi/slack": "^4.3.3-RC",
 
     "@kobalab/socket.io-session": "^1.0.3",
 
     "@kobalab/socket.io-session": "^1.0.3",
 
     "@promster/express": "^5.0.1",
 
     "@promster/express": "^5.0.1",
 
@@ -91,6 +91,7 @@
 
     "express-bunyan-logger": "^1.3.3",
 
     "express-bunyan-logger": "^1.3.3",
 
     "express-form": "~0.12.0",
 
     "express-form": "~0.12.0",
 
     "express-mongo-sanitize": "^2.1.0",
 
     "express-mongo-sanitize": "^2.1.0",
 
+    "express-rate-limit": "^5.3.0",
 
     "express-session": "^1.16.1",
 
     "express-session": "^1.16.1",
 
     "express-validator": "^6.1.1",
 
     "express-validator": "^6.1.1",
 
     "express-webpack-assets": "^0.1.0",
 
     "express-webpack-assets": "^0.1.0",

+ 9 - 1
packages/app/src/server/routes/index.js
Vizualizați fișierul 

@@ -1,5 +1,13 @@
 
 const multer = require('multer');
 
 const multer = require('multer');
 
 const autoReap = require('multer-autoreap');
 
 const autoReap = require('multer-autoreap');
 
+const rateLimit = require('express-rate-limit');
 
+
 
+const apiLimiter = rateLimit({
 
+  windowMs: 15 * 60 * 1000, // 15 minutes
 
+  max: 5, // limit each IP to 5 requests per windowMs
 
+  message:
 
+    'Too many requests sent from this IP, please try again after 15 minutes',
 
+});
 
 
 
 autoReap.options.reapOnError = true; // continue reaping the file even if an error occurs
 
 autoReap.options.reapOnError = true; // continue reaping the file even if an error occurs
 
 
 
@@ -178,7 +186,7 @@ module.exports = function(crowi, app) {
 
   app.post('/_api/hackmd.saveOnHackmd'   , accessTokenParser , loginRequiredStrictly , csrf, hackmd.validateForApi, hackmd.saveOnHackmd);
 
   app.post('/_api/hackmd.saveOnHackmd'   , accessTokenParser , loginRequiredStrictly , csrf, hackmd.validateForApi, hackmd.saveOnHackmd);
 
 
 
   app.get('/forgot-password', forgotPassword.forgotPassword);
 
   app.get('/forgot-password', forgotPassword.forgotPassword);
 
-  app.get('/forgot-password/:token'      , passwordReset, forgotPassword.resetPassword);
 
+  app.get('/forgot-password/:token'      ,apiLimiter, passwordReset, forgotPassword.resetPassword);
 
   app.get('/forgot-password/error/:reason'      , applicationInstalled, forgotPassword.error);
 
   app.get('/forgot-password/error/:reason'      , applicationInstalled, forgotPassword.error);
 
 
 
   app.get('/share/:linkId', page.showSharedPage);
 
   app.get('/share/:linkId', page.showSharedPage);

+ 5 - 0
yarn.lock
Vizualizați fișierul 

@@ -7991,6 +7991,11 @@ express-mongo-sanitize@^2.1.0:
 
   resolved "https://registry.yarnpkg.com/express-mongo-sanitize/-/express-mongo-sanitize-2.1.0.tgz#a8c647787c25ded6e97b5e864d113e7687c5d471"
 
   resolved "https://registry.yarnpkg.com/express-mongo-sanitize/-/express-mongo-sanitize-2.1.0.tgz#a8c647787c25ded6e97b5e864d113e7687c5d471"
 
   integrity sha512-ELGeH/Tx+kJGn3klCzSmOewfN1ezJQrkqzq83dl/K3xhd5PUbvLtiD5CiuYRmQfoZPL4rUEVjANf/YjE2BpTWQ==
 
   integrity sha512-ELGeH/Tx+kJGn3klCzSmOewfN1ezJQrkqzq83dl/K3xhd5PUbvLtiD5CiuYRmQfoZPL4rUEVjANf/YjE2BpTWQ==
 
 
 
+express-rate-limit@^5.3.0:
 
+  version "5.3.0"
 
+  resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-5.3.0.tgz#e7b9d3c2e09ece6e0406a869b2ce00d03fe48aea"
 
+  integrity sha512-qJhfEgCnmteSeZAeuOKQ2WEIFTX5ajrzE0xS6gCOBCoRQcU+xEzQmgYQQTpzCcqUAAzTEtu4YEih4pnLfvNtew==
 
+
 
 express-session@^1.16.1:
 
 express-session@^1.16.1:
 
   version "1.16.1"
 
   version "1.16.1"
 
   resolved "https://registry.yarnpkg.com/express-session/-/express-session-1.16.1.tgz#251ff9776c59382301de6c8c33411af357ed439c"
 
   resolved "https://registry.yarnpkg.com/express-session/-/express-session-1.16.1.tgz#251ff9776c59382301de6c8c33411af357ed439c"