Basic ratelimit for user login (including 2FA) and admin login

2025-09-10 18:55:57 +03:00 · 2021-12-22 21:48:49 +01:00
parent 0a5df06e77
commit 5529264c3f
7 changed files with 134 additions and 2 deletions
--- a/src/api/identity.rs
+++ b/src/api/identity.rs
@@ -84,6 +84,9 @@ fn _password_login(data: ConnectData, conn: DbConn, ip: &ClientIp) -> JsonResult
        err!("Scope not supported")
    }

+    // Ratelimit the login
+    crate::ratelimit::check_limit_login(&ip.ip)?;
+
    // Get the user
    let username = data.username.as_ref().unwrap();
    let user = match User::find_by_mail(username, &conn) {