mirror of https://github.com/tootsuite/mastodon
Align sign-up rate limits between API and Web UI
parent
19a1acb38b
commit
34930e1a3e
|
@ -86,7 +86,7 @@ class Rack::Attack
|
||||||
req.throttleable_remote_ip if req.path.start_with?('/media_proxy')
|
req.throttleable_remote_ip if req.path.start_with?('/media_proxy')
|
||||||
end
|
end
|
||||||
|
|
||||||
throttle('throttle_api_sign_up', limit: 5, period: 30.minutes) do |req|
|
throttle('throttle_api_sign_up', limit: 15, period: 15.minutes) do |req|
|
||||||
req.throttleable_remote_ip if req.post? && req.path == '/api/v1/accounts'
|
req.throttleable_remote_ip if req.post? && req.path == '/api/v1/accounts'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -109,7 +109,7 @@ class Rack::Attack
|
||||||
req.throttleable_remote_ip if req.post? && req.path == '/api/v1/apps'
|
req.throttleable_remote_ip if req.post? && req.path == '/api/v1/apps'
|
||||||
end
|
end
|
||||||
|
|
||||||
throttle('throttle_sign_up_attempts/ip', limit: 25, period: 5.minutes) do |req|
|
throttle('throttle_sign_up_attempts/ip', limit: 15, period: 15.minutes) do |req|
|
||||||
req.throttleable_remote_ip if req.post? && req.path_matches?('/auth')
|
req.throttleable_remote_ip if req.post? && req.path_matches?('/auth')
|
||||||
end
|
end
|
||||||
|
|
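Review bot: The new values on `throttle_api_sign_up` go from 5 per 30 minutes to 15 per 15 minutes, which allows six times as many `POST /api/v1/accounts` requests per IP per hour, and no comment records why the looser API budget is acceptable. The two throttles have different names, so they presumably keep separate counters. One address would then get 15 attempts on `/auth` and another 15 on `/api/v1/accounts` in the same window; if a single per-IP sign-up budget is intended, equal numbers alone do not provide it. To keep the pair from drifting apart again, both calls could read the same values, for example `SIGN_UP_LIMIT = 15` and `SIGN_UP_PERIOD = 15.minutes` passed as `limit: SIGN_UP_LIMIT, period: SIGN_UP_PERIOD`. The `class Rack::Attack` body continues outside both hunks.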
||||||
|
|
|
@ -74,8 +74,8 @@ describe Rack::Attack, type: :request do
|
||||||
describe 'throttle excessive sign-up requests by IP address' do
|
describe 'throttle excessive sign-up requests by IP address' do
|
||||||
context 'when accessed through the website' do
|
context 'when accessed through the website' do
|
||||||
let(:throttle) { 'throttle_sign_up_attempts/ip' }
|
let(:throttle) { 'throttle_sign_up_attempts/ip' }
|
||||||
let(:limit) { 25 }
|
let(:limit) { 15 }
|
||||||
let(:period) { 5.minutes }
|
let(:period) { 15.minutes }
|
||||||
let(:request) { -> { post path, headers: { 'REMOTE_ADDR' => remote_ip } } }
|
let(:request) { -> { post path, headers: { 'REMOTE_ADDR' => remote_ip } } }
|
||||||
|
|
||||||
context 'with exact path' do
|
context 'with exact path' do
|
||||||
|
@ -93,8 +93,8 @@ describe Rack::Attack, type: :request do
|
||||||
|
|
||||||
context 'when accessed through the API' do
|
context 'when accessed through the API' do
|
||||||
let(:throttle) { 'throttle_api_sign_up' }
|
let(:throttle) { 'throttle_api_sign_up' }
|
||||||
let(:limit) { 5 }
|
let(:limit) { 15 }
|
||||||
let(:period) { 30.minutes }
|
let(:period) { 15.minutes }
|
||||||
let(:request) { -> { post path, headers: { 'REMOTE_ADDR' => remote_ip } } }
|
let(:request) { -> { post path, headers: { 'REMOTE_ADDR' => remote_ip } } }
|
||||||
|
|
||||||
context 'with exact path' do
|
context 'with exact path' do
|
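Review bot: Nothing in this spec ties the two sign-up throttles together: the website and API contexts each hard-code `let(:limit) { 15 }` and `let(:period) { 15.minutes }`. A later change to only one throttle would still pass once its own context is edited to match. The outer `describe 'throttle excessive sign-up requests by IP address'` wraps the website context and, it appears, the API one as well, so the two lets could be declared once there and removed from the contexts. Both contexts continue past the end of the hunks shown.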
||||||
|
|