authorFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-07-01 21:27:46 +0200
committerFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-07-01 21:27:46 +0200
commitc3c8026041d29d7b50d54080d21518cadae97fff (patch)
tree3c95d992accbc99624d5a6dcc7ec946f56e48697 /src/routes
parentMerge pull request #162 from fosscord/feat--rate-limit (diff)
downloadserver-c3c8026041d29d7b50d54080d21518cadae97fff.tar.xz
:sparkles: route specific rate limits
Diffstat (limited to 'src/routes')
-rw-r--r--src/routes/auth/login.ts2
-rw-r--r--src/routes/auth/register.ts2
2 files changed, 4 insertions, 0 deletions
diff --git a/src/routes/auth/login.ts b/src/routes/auth/login.ts

index 2c4084ea..547d115b 100644
--- a/src/routes/auth/login.ts
+++ b/src/routes/auth/login.ts
@@ -4,12 +4,14 @@ import bcrypt from "bcrypt";
 import jwt from "jsonwebtoken";
 import { Config, UserModel } from "@fosscord/server-util";
 import { adjustEmail } from "./register";
+import RateLimit from "../../middlewares/RateLimit";
 const router: Router = Router();
 export default router;
 router.post(
 "/",
+ RateLimit({ count: 5, window: 60, onylIp: true }),
 check({
 login: new Length(String, 2, 100), // email or telephone
 password: new Length(String, 8, 64),
diff --git a/src/routes/auth/register.ts b/src/routes/auth/register.ts
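Review bot: The `RateLimit({ count: 5, window: 60, onylIp: true })` added before `check(...)` in login.ts keys the login limit on client IP alone, so it bounds requests per address but not password guesses against a single account that arrive from many addresses. A second throttle keyed on the submitted `login` value and counting failed attempts would cover that case, and it is worth confirming that the middleware takes the IP from a trusted proxy setting rather than a client-supplied header; neither is visible in this diff. `onylIp` looks like a misspelling of `onlyIp`; register.ts uses the same spelling, so it presumably matches the option the middleware declares, but it should be renamed there and at both call sites. At minimum add a comment above the call such as `// 5 requests per 60 s per client IP; no per-account limit` (the unit of `window` is presumably seconds). The `router.post` call continues past the end of the hunk.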
index f39206f2..83f8dc8c 100644
--- a/src/routes/auth/register.ts
+++ b/src/routes/auth/register.ts
@@ -6,11 +6,13 @@ import "missing-native-js-functions";
 import { generateToken } from "./login";
 import { getIpAdress, IPAnalysis, isProxy } from "../../util/ipAddress";
 import { HTTPError } from "lambert-server";
+import RateLimit from "../../middlewares/RateLimit";
 const router: Router = Router();
 router.post(
 "/",
+ RateLimit({ count: 2, window: 60 * 60 * 12, onylIp: true, success: true }),
 check({
 username: new Length(String, 2, 32),
 // TODO: check min password length in config
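Review bot: The `count: 2, window: 60 * 60 * 12` limit in the `RateLimit(...)` call is hard-coded and keyed on IP only, so legitimate sign-ups behind a shared address (NAT, campus or carrier networks) are blocked for what is presumably 12 hours with no way for an operator to tune it. If `success: true` means only successful responses count toward the limit (the middleware is not part of this diff), then failed registration requests are not throttled here, which matters if the validation errors reveal whether an email or username is already taken. I would state the intent inline, e.g. `// at most 2 successful registrations per client IP per 12 h`, and take both numbers from server configuration. The `router.post` call continues past the end of the hunk.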