Use custom rate limiter when asking verif email

Chocobozzz 2018-08-31 11:44:07 +02:00
parent 328e607d32
commit 288fe38590
No known key found for this signature in database
GPG Key ID: 583A612D890159BE
2 changed files with 11 additions and 1 deletions


@ -42,6 +42,12 @@ const loginRateLimiter = new RateLimit({
delayMs: 0 delayMs: 0
}) })
const askSendEmailLimiter = new RateLimit({
windowMs: RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS,
max: RATES_LIMIT.ASK_SEND_EMAIL.MAX,
delayMs: 0
})
const usersRouter = express.Router() const usersRouter = express.Router()
usersRouter.use('/', meRouter) usersRouter.use('/', meRouter)
@ -114,7 +120,7 @@ usersRouter.post('/:id/reset-password',
) )
usersRouter.post('/ask-send-verify-email', usersRouter.post('/ask-send-verify-email',
loginRateLimiter, askSendEmailLimiter,
asyncMiddleware(usersAskSendVerifyEmailValidator), asyncMiddleware(usersAskSendVerifyEmailValidator),
asyncMiddleware(askSendVerifyUserEmail) asyncMiddleware(askSendVerifyUserEmail)
) )
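Review bot: The new `askSendEmailLimiter` on `/ask-send-verify-email` appears to count requests per client address only (assuming `RateLimit` is express-rate-limit with its default key), so it caps how often one client can ask but not how many verification mails a single recipient address can receive. If the handler does not already throttle per account, a per-recipient check in `askSendVerifyUserEmail` or a limiter key derived from the normalized email would close that gap. At minimum, a comment above the limiter such as `// Per-client-IP limit only; does not bound mails per recipient` would document the scope. Behind a reverse proxy the limit is only meaningful if Express's `trust proxy` setting makes `req.ip` the real client address; that configuration is not visible in this section.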


@ -364,6 +364,10 @@ const RATES_LIMIT = {
LOGIN: { LOGIN: {
WINDOW_MS: 5 * 60 * 1000, // 5 minutes WINDOW_MS: 5 * 60 * 1000, // 5 minutes
MAX: 15 // 15 attempts MAX: 15 // 15 attempts
},
ASK_SEND_EMAIL: {
WINDOW_MS: 5 * 60 * 1000, // 5 minutes
MAX: 3 // 3 attempts
} }
} }