Dockery/Trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-10-31 02:16:05 +01:00
Code Issues Packages Projects Releases Activity

Rate limit the /auth/login route of ETAPI

Browse Source
This commit is contained in:
DynamoFox
2022-08-22 11:50:58 +02:00
parent 9ce0421ae7
commit b965f77f4a
4 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/etapi/auth.js
View File

@@ -3,8 +3,8 @@ const eu = require("./etapi_utils");
const passwordEncryptionService = require("../services/password_encryption");
const etapiTokenService = require("../services/etapi_tokens");
function register(router) {
eu.NOT_AUTHENTICATED_ROUTE(router, 'post', '/etapi/auth/login', (req, res, next) => {
function register(router, loginMiddleware) {
eu.NOT_AUTHENTICATED_ROUTE(router, 'post', '/etapi/auth/login', loginMiddleware, (req, res, next) => {
const {password, tokenName} = req.body;
if (!passwordEncryptionService.verifyPassword(password)) {

2
src/etapi/etapi.openapi.yaml
View File

@@ -602,6 +602,8 @@ paths:
authToken:
type: string
example: Bc4bFn0Ffiok_4NpbVCDnFz7B2WU+pdhW8B5Ne3DiR5wXrEyqdjgRIsk=
'429':
description: Client IP has been blacklisted because too many requests (possibly failed authentications) were made within a short time frame, try again later
default:
description: unexpected error
content:

4
src/etapi/etapi_utils.js
View File

@@ -66,8 +66,8 @@ function route(router, method, path, routeHandler) {
router[method](path, checkEtapiAuth, (req, res, next) => processRequest(req, res, routeHandler, next, method, path));
}
function NOT_AUTHENTICATED_ROUTE(router, method, path, routeHandler) {
router[method](path, (req, res, next) => processRequest(req, res, routeHandler, next, method, path));
function NOT_AUTHENTICATED_ROUTE(router, method, path, middleware, routeHandler) {
router[method](path, ...middleware, (req, res, next) => processRequest(req, res, routeHandler, next, method, path));
}
function getAndCheckNote(noteId) {

2
src/routes/routes.js
View File

@@ -416,7 +416,7 @@ function register(app) {
shareRoutes.register(router);
etapiAuthRoutes.register(router);
etapiAuthRoutes.register(router, [loginRateLimiter]);
etapiAppInfoRoutes.register(router);
etapiAttributeRoutes.register(router);
etapiBranchRoutes.register(router);