diff --git a/src/routes/auth/login.ts b/src/routes/auth/login.ts
index 2c4084ea..547d115b 100644
--- a/src/routes/auth/login.ts
+++ b/src/routes/auth/login.ts
@@ -4,12 +4,14 @@ import bcrypt from "bcrypt";
import jwt from "jsonwebtoken";
import { Config, UserModel } from "@fosscord/server-util";
import { adjustEmail } from "./register";
+import RateLimit from "../../middlewares/RateLimit";
const router: Router = Router();
export default router;
router.post(
"/",
+ RateLimit({ count: 5, window: 60, onylIp: true }),
check({
login: new Length(String, 2, 100), // email or telephone
password: new Length(String, 8, 64),
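Review bot: The option key `onylIp` on the added `RateLimit(...)` line looks like a misspelling of `onlyIp`, and the register.ts hunk uses the same spelling. The middleware's option type is not visible in this diff, so confirm the key matches what `RateLimit` actually reads; if it does not, the limiter would not be keyed by IP as intended. Separately, a budget keyed only by client IP does not bound password guesses against a single account that arrive from many addresses, so consider a second counter keyed on the submitted `login` value. If the server sits behind a reverse proxy, also check that the IP the limiter sees is the client's and not the proxy's. A short comment would help the next reader, for example `// 5 attempts per 60 s per client IP; runs before check(), so malformed bodies count too`.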
diff --git a/src/routes/auth/register.ts b/src/routes/auth/register.ts
index f39206f2..83f8dc8c 100644
--- a/src/routes/auth/register.ts
+++ b/src/routes/auth/register.ts
@@ -6,11 +6,13 @@ import "missing-native-js-functions";
import { generateToken } from "./login";
import { getIpAdress, IPAnalysis, isProxy } from "../../util/ipAddress";
import { HTTPError } from "lambert-server";
+import RateLimit from "../../middlewares/RateLimit";
const router: Router = Router();
router.post(
"/",
+ RateLimit({ count: 2, window: 60 * 60 * 12, onylIp: true, success: true }),
check({
username: new Length(String, 2, 32),
// TODO: check min password length in config
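Review bot: With `success: true` on the added `RateLimit(...)` line, the 2-per-window budget presumably counts only successful registrations, which would leave failed requests to this route unthrottled. That reading is inferred from the option name, since the middleware is not shown; if it holds, repeated rejected sign-ups (for example probing which e-mail addresses are already taken) are not slowed by this change, and a second, looser limiter without `success` would cover them. The cap is also strict for clients that share one address (NAT, campus or carrier networks), so it may be worth reading `count` and `window` from server configuration instead of hard-coding them. Naming the window would make the unit explicit, e.g. `const REGISTER_WINDOW = 60 * 60 * 12; // 12 h, assuming window is in seconds`.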