Allow to control RATES_LIMIT from configuration (#1787)

* Allow to control RATES_LIMIT from configuration

* @Chocobozzz review (squash me)
This commit is contained in:
Yohan Boniface 2019-04-26 13:48:55 +02:00 committed by Chocobozzz
parent 4f0f2ab228
commit c342726ad4
6 changed files with 46 additions and 5 deletions

View File

@ -9,6 +9,16 @@ webserver:
hostname: 'localhost' hostname: 'localhost'
port: 9000 port: 9000
rates_limit:
login:
# 15 attempts in 5 min
window: 5 minutes
max: 15
ask_send_email:
# 3 attempts in 5 min
window: 5 minutes
max: 3
# Proxies to trust to get real client IP # Proxies to trust to get real client IP
# If you run PeerTube just behind a local proxy (nginx), keep 'loopback' # If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet) # If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)

View File

@ -8,6 +8,16 @@ webserver:
hostname: 'example.com' hostname: 'example.com'
port: 443 port: 443
rates_limit:
login:
# 15 attempts in 5 min
window: 5 minutes
max: 15
ask_send_email:
# 3 attempts in 5 min
window: 5 minutes
max: 3
# Proxies to trust to get real client IP # Proxies to trust to get real client IP
# If you run PeerTube just behind a local proxy (nginx), keep 'loopback' # If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet) # If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)

View File

@ -27,7 +27,8 @@ function checkMissedConfig () {
'services.twitter.username', 'services.twitter.whitelisted', 'services.twitter.username', 'services.twitter.whitelisted',
'followers.instance.enabled', 'followers.instance.manual_approval', 'followers.instance.enabled', 'followers.instance.manual_approval',
'tracker.enabled', 'tracker.private', 'tracker.reject_too_many_announces', 'tracker.enabled', 'tracker.private', 'tracker.reject_too_many_announces',
'history.videos.max_age', 'views.videos.remote.max_age' 'history.videos.max_age', 'views.videos.remote.max_age',
'rates_limit.login.window', 'rates_limit.login.max', 'rates_limit.ask_send_email.window', 'rates_limit.ask_send_email.max'
] ]
const requiredAlternatives = [ const requiredAlternatives = [
[ // set [ // set

View File

@ -63,6 +63,16 @@ const CONFIG = {
HOSTNAME: config.get<string>('webserver.hostname'), HOSTNAME: config.get<string>('webserver.hostname'),
PORT: config.get<number>('webserver.port') PORT: config.get<number>('webserver.port')
}, },
RATES_LIMIT: {
LOGIN: {
WINDOW_MS: parseDurationToMs(config.get<string>('rates_limit.login.window')),
MAX: config.get<number>('rates_limit.login.max')
},
ASK_SEND_EMAIL: {
WINDOW_MS: parseDurationToMs(config.get<string>('rates_limit.ask_send_email.window')),
MAX: config.get<number>('rates_limit.ask_send_email.max')
}
},
TRUST_PROXY: config.get<string[]>('trust_proxy'), TRUST_PROXY: config.get<string[]>('trust_proxy'),
LOG: { LOG: {
LEVEL: config.get<string>('log.level') LEVEL: config.get<string>('log.level')

View File

@ -281,12 +281,12 @@ let CONSTRAINTS_FIELDS = {
const RATES_LIMIT = { const RATES_LIMIT = {
LOGIN: { LOGIN: {
WINDOW_MS: 5 * 60 * 1000, // 5 minutes WINDOW_MS: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS,
MAX: 15 // 15 attempts MAX: CONFIG.RATES_LIMIT.LOGIN.MAX
}, },
ASK_SEND_EMAIL: { ASK_SEND_EMAIL: {
WINDOW_MS: 5 * 60 * 1000, // 5 minutes WINDOW_MS: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS,
MAX: 3 // 3 attempts MAX: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.MAX
} }
} }

View File

@ -8,6 +8,16 @@ webserver:
hostname: undefined hostname: undefined
port: 443 port: 443
rates_limit:
login:
# 15 attempts in 5 min
window: 5 minutes
max: 15
ask_send_email:
# 3 attempts in 5 min
window: 5 minutes
max: 3
# Proxies to trust to get real client IP # Proxies to trust to get real client IP
# If you run PeerTube just behind a local proxy (nginx), keep 'loopback' # If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet) # If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)