add rate limit for login and registration, update module names

Iris Lightshard 2024-11-28 10:54:36 -07:00
parent 9e754b0733
commit c72b6792e9
Signed by: Iris Lightshard
GPG key ID: 688407174966CAF3
10 changed files with 56 additions and 43 deletions


@ -3,14 +3,15 @@ package admin
import (
"encoding/json"
"fmt"
"hacklab.nilfm.cc/felt/admin/util"
"hacklab.nilfm.cc/felt/models"
"hacklab.nilfm.cc/felt/mongodb"
"hacklab.nilfm.cc/quartzgun/auth"
. "hacklab.nilfm.cc/quartzgun/middleware"
"hacklab.nilfm.cc/quartzgun/renderer"
"hacklab.nilfm.cc/quartzgun/router"
. "hacklab.nilfm.cc/quartzgun/util"
"forge.lightcrystal.systems/nilix/felt/admin/util"
"forge.lightcrystal.systems/nilix/felt/models"
"forge.lightcrystal.systems/nilix/felt/mongodb"
"forge.lightcrystal.systems/nilix/quartzgun/auth"
. "forge.lightcrystal.systems/nilix/quartzgun/middleware"
"forge.lightcrystal.systems/nilix/quartzgun/rateLimiter"
"forge.lightcrystal.systems/nilix/quartzgun/renderer"
"forge.lightcrystal.systems/nilix/quartzgun/router"
. "forge.lightcrystal.systems/nilix/quartzgun/util"
"html/template"
"io/ioutil"
"net/http"
@ -203,9 +204,9 @@ func apiUploadImg(next http.Handler, dbAdapter mongodb.DbAdapter, uploads, uploa
// get file data from multipart form
header := f.File["file"][0]
if strings.Contains(header.Filename, "/") {
w.WriteHeader(422)
next.ServeHTTP(w, req)
return
w.WriteHeader(422)
next.ServeHTTP(w, req)
return
}
file, err := header.Open()
if err != nil {
@ -324,9 +325,9 @@ func apiDeleteImage(next http.Handler, uploads string, uploadType string, udb au
// if the file exists, delete it and return 201
filename := urlParams["file"]
if strings.Contains(filename, "/") {
w.WriteHeader(422)
next.ServeHTTP(w, req)
return
w.WriteHeader(422)
next.ServeHTTP(w, req)
return
}
fullPath := filepath.Join(uploads, tableName, uploadType, filename)
s, err := os.Stat(fullPath)
@ -353,9 +354,15 @@ func CreateAdminInterface(udb auth.UserStore, dbAdapter mongodb.DbAdapter, uploa
// create quartzgun router
rtr := &router.Router{Fallback: *template.Must(template.ParseFiles("templates/error.html"))}
rl := rateLimiter.IpRateLimiter{
Data: map[string]*rateLimiter.RateLimitData{},
Seconds: 5,
AttemptsAllowed: 5,
}
scopes := map[string]string{}
rtr.Post("/api/auth/", Provision(udb, 84))
rtr.Post("/api/auth/", Throttle(Provision(udb, 84), rl.RateLimit))
// table management
rtr.Get("/api/table/", Validate(apiGetTableList(renderer.JSON("tableList"), udb), udb, scopes))
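Review bot: The IpRateLimiter is built with a fresh Data map and nothing in this hunk sizes or prunes it, so it presumably grows by one entry per distinct client address for the life of the process unless the limiter evicts internally — worth confirming, since /api/auth/ is the unauthenticated endpoint most likely to be hit from many addresses. It is also not visible here which address the limiter keys on: if the service sits behind a reverse proxy and the key is RemoteAddr, all clients share one budget, while a key taken from a forwarded header is client-controlled, so the choice should be stated next to the struct literal. Five attempts per five seconds is a burst limit rather than a credential-guessing limit; naming the values, e.g. `const authRateWindowSeconds, authRateAttempts = 5, 5`, would make the policy visible and adjustable in one place. CreateAdminInterface continues outside the hunk.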


@ -2,8 +2,8 @@ package util
import (
"encoding/base64"
"hacklab.nilfm.cc/felt/models"
"hacklab.nilfm.cc/quartzgun/auth"
"forge.lightcrystal.systems/nilix/felt/models"
"forge.lightcrystal.systems/nilix/quartzgun/auth"
"net/http"
"strings"
)


@ -2,8 +2,8 @@ package cmd
import (
"fmt"
"hacklab.nilfm.cc/felt/register"
"hacklab.nilfm.cc/quartzgun/auth"
"forge.lightcrystal.systems/nilix/felt/register"
"forge.lightcrystal.systems/nilix/quartzgun/auth"
"strconv"
"time"
)


@ -8,7 +8,7 @@ import (
"strconv"
"strings"
"hacklab.nilfm.cc/quartzgun/cookie"
"forge.lightcrystal.systems/nilix/quartzgun/cookie"
)
type Config struct {


@ -7,13 +7,13 @@ import (
"encoding/json"
"errors"
"fmt"
"forge.lightcrystal.systems/nilix/felt/admin"
"forge.lightcrystal.systems/nilix/felt/models"
"forge.lightcrystal.systems/nilix/felt/mongodb"
"forge.lightcrystal.systems/nilix/felt/register"
"forge.lightcrystal.systems/nilix/quartzgun/auth"
"forge.lightcrystal.systems/nilix/quartzgun/renderer"
"golang.org/x/time/rate"
"hacklab.nilfm.cc/felt/admin"
"hacklab.nilfm.cc/felt/models"
"hacklab.nilfm.cc/felt/mongodb"
"hacklab.nilfm.cc/felt/register"
"hacklab.nilfm.cc/quartzgun/auth"
"hacklab.nilfm.cc/quartzgun/renderer"
"io/ioutil"
"log"
"net/http"

4
go.mod

@ -1,11 +1,11 @@
module hacklab.nilfm.cc/felt
module forge.lightcrystal.systems/nilix/felt
go 1.19
require (
forge.lightcrystal.systems/nilix/quartzgun v0.4.2
go.mongodb.org/mongo-driver v1.12.0
golang.org/x/time v0.1.0
hacklab.nilfm.cc/quartzgun v0.3.2
nhooyr.io/websocket v1.8.7
)

4
go.sum

@ -1,3 +1,5 @@
forge.lightcrystal.systems/nilix/quartzgun v0.4.2 h1:S4ae33noQ+ilMvAKNh50KfwLb+SQqeXKZSoWMRsjEoM=
forge.lightcrystal.systems/nilix/quartzgun v0.4.2/go.mod h1:hIXDh7AKtAVekjR6RIFW94d/c7cCQbyh8mzaTmP/pM8=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@ -106,7 +108,5 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
hacklab.nilfm.cc/quartzgun v0.3.2 h1:PmRFZ/IgsXVWyNn1iOsQ/ZeMnOQIQy0PzFakhXBdZoU=
hacklab.nilfm.cc/quartzgun v0.3.2/go.mod h1:P6qK4HB0CD/xfyRq8wdEGevAPFDDmv0KCaESSvv93LU=
nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=

12
main.go

@ -2,12 +2,12 @@ package main
import (
"context"
"hacklab.nilfm.cc/felt/cmd"
"hacklab.nilfm.cc/felt/config"
"hacklab.nilfm.cc/felt/gametable"
"hacklab.nilfm.cc/felt/mongodb"
"hacklab.nilfm.cc/felt/register"
"hacklab.nilfm.cc/quartzgun/indentalUserDB"
"forge.lightcrystal.systems/nilix/felt/cmd"
"forge.lightcrystal.systems/nilix/felt/config"
"forge.lightcrystal.systems/nilix/felt/gametable"
"forge.lightcrystal.systems/nilix/felt/mongodb"
"forge.lightcrystal.systems/nilix/felt/register"
"forge.lightcrystal.systems/nilix/quartzgun/indentalUserDB"
"log"
"net"
"net/http"


@ -4,11 +4,11 @@ import (
"context"
"errors"
"fmt"
"forge.lightcrystal.systems/nilix/felt/models"
"go.mongodb.org/mongo-driver/bson"
"go.mongodb.org/mongo-driver/bson/primitive"
"go.mongodb.org/mongo-driver/mongo"
"go.mongodb.org/mongo-driver/mongo/options"
"hacklab.nilfm.cc/felt/models"
"time"
)


@ -9,10 +9,12 @@ import (
"strconv"
"time"
"hacklab.nilfm.cc/quartzgun/auth"
"hacklab.nilfm.cc/quartzgun/renderer"
"hacklab.nilfm.cc/quartzgun/router"
"hacklab.nilfm.cc/quartzgun/util"
"forge.lightcrystal.systems/nilix/quartzgun/auth"
. "forge.lightcrystal.systems/nilix/quartzgun/middleware"
"forge.lightcrystal.systems/nilix/quartzgun/rateLimiter"
"forge.lightcrystal.systems/nilix/quartzgun/renderer"
"forge.lightcrystal.systems/nilix/quartzgun/router"
"forge.lightcrystal.systems/nilix/quartzgun/util"
)
type SymmetricCrypto interface {
@ -105,9 +107,13 @@ func WithUserStoreAndCrypto(next http.Handler, udb auth.UserStore, crypto Symmet
func CreateRegistrationInterface(udb auth.UserStore, crypto SymmetricCrypto) http.Handler {
rtr := &router.Router{Fallback: *template.Must(template.ParseFiles("templates/error.html"))}
rl := rateLimiter.IndiscriminateRateLimiter{
Seconds: 5,
AttemptsAllowed: 5,
}
rtr.Get(`/(?P<cipher>\S+)`, WithCrypto(renderer.Template("templates/register.html"), crypto))
rtr.Post(`/(?P<cipher>\S+)`, WithUserStoreAndCrypto(renderer.Template("templates/registered.html"), udb, crypto))
rtr.Get(`/(?P<cipher>\S+)`, Throttle(WithCrypto(renderer.Template("templates/register.html"), crypto), rl.RateLimit))
rtr.Post(`/(?P<cipher>\S+)`, Throttle(WithUserStoreAndCrypto(renderer.Template("templates/registered.html"), udb, crypto), rl.RateLimit))
return http.HandlerFunc(rtr.ServeHTTP)
}
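Review bot: IndiscriminateRateLimiter, going by its name and by the absence of the per-client Data field the admin limiter carries, appears to keep a single global counter, so five requests in five seconds from any source would exhaust the registration budget for every other client — one misbehaving client can keep registration unavailable for everyone. The GET route that only renders the form is throttled with the same budget as the POST, so loading the page and submitting it count as two of the five attempts. If a global limiter is intentional, say so on the struct literal, e.g. `// global limiter: any client can exhaust the budget for all clients; acceptable because <reason>`, and consider leaving the GET route unthrottled, `rtr.Get(`/(?P<cipher>\S+)`, WithCrypto(renderer.Template("templates/register.html"), crypto))`. The window and attempt values repeat the magic numbers used in CreateAdminInterface; a shared named constant would keep the two policies in step.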