Diffstat (limited to 'src/routers/vault/middlewares/session.js')
-rw-r--r--src/routers/vault/middlewares/session.js18
1 files changed, 16 insertions, 2 deletions
diff --git a/src/routers/vault/middlewares/session.js b/src/routers/vault/middlewares/session.js
index b12a535..0073e90 100644
--- a/src/routers/vault/middlewares/session.js
+++ b/src/routers/vault/middlewares/session.js
@@ -229,13 +229,27 @@ const new_session = async (req, res, next) => {
res.status(200).json({
status: "success"
});
- req.app.locals.cooldown(req, 6e4);
+
+ // max 5 attempts per 15 minutes
+ if (req.app.locals.brute.consume(req, 5, 9e5)) {
+ req.app.locals.cooldown(req, 6e4);
+ } else {
+ req.app.locals.logger.warn(`Vault.session: account creation request flood [${req.ip}]`);
+ req.app.locals.cooldown(req, 3.6e6);
+ }
return;
} else {
res.status(202).json({
status: "pending",
});
- req.app.locals.cooldown(req, 1e3);
+
+ // max 5 attempts per 15 minutes
+ if (req.app.locals.brute.consume(req, 5, 9e5)) {
+ req.app.locals.cooldown(req, 1e3);
+ } else {
+ req.app.locals.logger.warn(`Vault.session: email check flood [${req.ip}]`);
+ req.app.locals.cooldown(req, 3.6e6);
+ }
return;
}
} else {
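Review bot: In both branches `req.app.locals.brute.consume(req, 5, 9e5)` is consulted only after `res.status(...).json(...)` has been sent, so the request that exhausts the budget is still answered in full and the one-hour cooldown (`3.6e6`) affects only later requests. If a hard cap of 5 per 15 minutes on account creation and email checks is intended, the budget has to be checked before the work is done; that code is in the part of `new_session` outside this hunk, so an earlier cooldown check may already cover it. The counter presumably keys on the client address, as the log line does with `req.ip`, and behind a reverse proxy that value is only reliable when Express's `trust proxy` matches the real proxy chain. At minimum I would document the behaviour at both sites, e.g. `// consume() runs after the response: the over-limit request is still served, later ones get a 1 h cooldown`.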