Basic ratelimit for user login (including 2FA) and admin login

Daniel García
2021-12-22 21:48:49 +01:00
parent 0a5df06e77
commit 5529264c3f
7 changed files with 134 additions and 2 deletions


@@ -166,6 +166,10 @@ fn post_admin_login(
) -> Result<Redirect, Flash<Redirect>> {
let data = data.into_inner();
if crate::ratelimit::check_limit_admin(&ip.ip).is_err() {
return Err(Flash::error(Redirect::to(admin_url(referer)), "Too many requests, try again later."));
}
// If the token is invalid, redirect to login page
if !_validate_token(&data.token) {
error!("Invalid admin token. IP: {}", ip.ip);
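Review bot: The throttled branch returns the "Too many requests, try again later." flash without writing a log line, so once the limiter trips, further admin-login attempts from that address stop appearing in the log, whereas the invalid-token path just below records `error!("Invalid admin token. IP: {}", ip.ip)`. Monitoring or blocking that keys on that message would lose sight of a guessing run at the point where it becomes most active. Consider adding `warn!("Admin login rate limit exceeded. IP: {}", ip.ip);` before the `return Err(...)`, assuming the log macros are in scope the same way `error!` is. The limiter is also keyed on `ip.ip`, and how that value is derived is not visible here; if it can come from a client-supplied forwarding header, the limit is only as reliable as the reverse-proxy configuration, which deserves a comment at the check. The body of post_admin_login continues outside the hunk.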