Adding a captcha rate limit. Fixes #1755 (#1941)

* Adding a captcha rate limit. Fixes #1755 * Changing to post rate limit.
2024-05-20 18:58:05 +00:00 · 2021-11-25 08:04:19 -05:00 · 2021-11-25 08:04:19 -05:00 · e765b42d46
parent 97b8b9c255
commit e765b42d46
2 changed files with 10 additions and 2 deletions
--- a/crates/websocket/src/chat_server.rs
+++ b/crates/websocket/src/chat_server.rs
@ -491,7 +491,10 @@ impl ChatServer {
      } else {
        let user_operation = UserOperation::from_str(op)?;
        let fut = (message_handler)(context, msg.id, user_operation.clone(), data);
-        rate_limiter.message().wrap(ip, fut).await
+        match user_operation {
+          UserOperation::GetCaptcha => rate_limiter.post().wrap(ip, fut).await,
+          _ => rate_limiter.message().wrap(ip, fut).await,
+        }
      }
    }
  }
--- a/src/api_routes.rs
+++ b/src/api_routes.rs
@ -161,6 +161,12 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimit) {
          .wrap(rate_limit.register())
          .route(web::post().to(route_post_crud::<Register>)),
      )
+      .service(
+        // Handle captcha separately
+        web::resource("/user/get_captcha")
+          .wrap(rate_limit.post())
+          .route(web::get().to(route_get::<GetCaptcha>)),
+      )
      // User actions
      .service(
        web::scope("/user")
@ -178,7 +184,6 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimit) {
          .route("/block", web::post().to(route_post::<BlockPerson>))
          // Account actions. I don't like that they're in /user maybe /accounts
          .route("/login", web::post().to(route_post::<Login>))
-          .route("/get_captcha", web::get().to(route_get::<GetCaptcha>))
          .route(
            "/delete_account",
            web::post().to(route_post_crud::<DeleteAccount>),