diff options
| author | TheArcaneBrony <myrainbowdash949@gmail.com> | 2022-09-17 15:31:20 +0200 |
|---|---|---|
| committer | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-12-19 20:57:43 +1100 |
| commit | 565e7885dc1134c77e44b18ef80b7db600c4049a (patch) | |
| tree | bab0b3f6b0b86bfe82570b796a797382dbe6f217 /src/api/routes | |
| parent | comments (diff) | |
| download | server-565e7885dc1134c77e44b18ef80b7db600c4049a.tar.xz | |
Add register ratelimit
Diffstat (limited to 'src/api/routes')
| -rw-r--r-- | src/api/routes/auth/register.ts | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/src/api/routes/auth/register.ts b/src/api/routes/auth/register.ts index 370d7c52..eba86f77 100644 --- a/src/api/routes/auth/register.ts +++ b/src/api/routes/auth/register.ts @@ -17,6 +17,7 @@ import { } from "@fosscord/api"; import bcrypt from "bcrypt"; import { HTTPError } from "lambert-server"; +import { MoreThan } from "typeorm"; const router: Router = Router(); @@ -25,7 +26,7 @@ router.post( route({ body: "RegisterSchema" }), async (req: Request, res: Response) => { const body = req.body as RegisterSchema; - const { register, security } = Config.get(); + const { register, security, limits } = Config.get(); const ip = getIpAdress(req); // email will be slightly modified version of the user supplied email -> e.g. protection against GMail Trick @@ -198,6 +199,19 @@ router.post( }); } + if ( + limits.absoluteRate.register.enabled && + (await User.count({ where: { created_at: MoreThan(new Date(Date.now() - limits.absoluteRate.register.window)) } })) + >= limits.absoluteRate.register.limit + ) { + console.log( + `Global register ratelimit exceeded for ${getIpAdress(req)}, ${req.body.username}, ${req.body.invite || "No invite given"}` + ); + throw FieldErrors({ + email: { code: "TOO_MANY_REGISTRATIONS", message: req.t("auth:register.TOO_MANY_REGISTRATIONS") } + }); + } + const user = await User.register({ ...body, req }); if (body.invite) { |