saret/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-09-11 11:15:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ratelimit' into main

Browse Source
This commit is contained in:
Daniel García
2021-12-27 21:55:15 +01:00
parent 6bf8a9d93d d4eb21c2d9
commit 85ac9783f0
8 changed files with 145 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/api/admin.rs
View File

@@ -166,6 +166,10 @@ fn post_admin_login(
) -> Result<Redirect, Flash<Redirect>> {
let data = data.into_inner();
if crate::ratelimit::check_limit_admin(&ip.ip).is_err() {
return Err(Flash::error(Redirect::to(admin_url(referer)), "Too many requests, try again later."));
}
// If the token is invalid, redirect to login page
if !_validate_token(&data.token) {
error!("Invalid admin token. IP: {}", ip.ip);

3
src/api/identity.rs
View File

@@ -84,6 +84,9 @@ fn _password_login(data: ConnectData, conn: DbConn, ip: &ClientIp) -> JsonResult
err!("Scope not supported")
}
// Ratelimit the login
crate::ratelimit::check_limit_login(&ip.ip)?;
// Get the user
let username = data.username.as_ref().unwrap();
let user = match User::find_by_mail(username, &conn) {