diff --git a/admin/admin.go b/admin/admin.go
index 8402423..1a211a7 100644
--- a/admin/admin.go
+++ b/admin/admin.go
@@ -3,14 +3,15 @@ package admin
 import (
 "encoding/json"
 "fmt"
- "hacklab.nilfm.cc/felt/admin/util"
- "hacklab.nilfm.cc/felt/models"
- "hacklab.nilfm.cc/felt/mongodb"
- "hacklab.nilfm.cc/quartzgun/auth"
- . "hacklab.nilfm.cc/quartzgun/middleware"
- "hacklab.nilfm.cc/quartzgun/renderer"
- "hacklab.nilfm.cc/quartzgun/router"
- . "hacklab.nilfm.cc/quartzgun/util"
+ "forge.lightcrystal.systems/nilix/felt/admin/util"
+ "forge.lightcrystal.systems/nilix/felt/models"
+ "forge.lightcrystal.systems/nilix/felt/mongodb"
+ "forge.lightcrystal.systems/nilix/quartzgun/auth"
+ . "forge.lightcrystal.systems/nilix/quartzgun/middleware"
+ "forge.lightcrystal.systems/nilix/quartzgun/rateLimiter"
+ "forge.lightcrystal.systems/nilix/quartzgun/renderer"
+ "forge.lightcrystal.systems/nilix/quartzgun/router"
+ . "forge.lightcrystal.systems/nilix/quartzgun/util"
 "html/template"
 "io/ioutil"
 "net/http"
@@ -203,9 +204,9 @@ func apiUploadImg(next http.Handler, dbAdapter mongodb.DbAdapter, uploads, uploa
 // get file data from multipart form
 header := f.File["file"][0]
 if strings.Contains(header.Filename, "/") {
- w.WriteHeader(422)
- next.ServeHTTP(w, req)
- return
+ w.WriteHeader(422)
+ next.ServeHTTP(w, req)
+ return
 }
 file, err := header.Open()
 if err != nil {
@@ -324,9 +325,9 @@ func apiDeleteImage(next http.Handler, uploads string, uploadType string, udb au
 // if the file exists, delete it and return 201
 filename := urlParams["file"]
 if strings.Contains(filename, "/") {
- w.WriteHeader(422)
- next.ServeHTTP(w, req)
- return
+ w.WriteHeader(422)
+ next.ServeHTTP(w, req)
+ return
 }
 fullPath := filepath.Join(uploads, tableName, uploadType, filename)
 s, err := os.Stat(fullPath)
@@ -353,9 +354,15 @@ func CreateAdminInterface(udb auth.UserStore, dbAdapter mongodb.DbAdapter, uploa // create quartzgun router rtr := &router.Router{Fallback: *template.Must(template.ParseFiles("templates/error.html"))} + rl := rateLimiter.IpRateLimiter{ + Data: map[string]*rateLimiter.RateLimitData{}, + Seconds: 5, + AttemptsAllowed: 5, + } + scopes := map[string]string{} - rtr.Post("/api/auth/", Provision(udb, 84)) + rtr.Post("/api/auth/", Throttle(Provision(udb, 84), rl.RateLimit)) // table management rtr.Get("/api/table/", Validate(apiGetTableList(renderer.JSON("tableList"), udb), udb, scopes)) diff --git a/admin/util/util.go b/admin/util/util.go index 2550cfe..454034a 100644 --- a/admin/util/util.go +++ b/admin/util/util.go @@ -2,8 +2,8 @@ package util import ( "encoding/base64" - "hacklab.nilfm.cc/felt/models" - "hacklab.nilfm.cc/quartzgun/auth" + "forge.lightcrystal.systems/nilix/felt/models" + "forge.lightcrystal.systems/nilix/quartzgun/auth" "net/http" "strings" ) diff --git a/cmd/cmd.go b/cmd/cmd.go index 1f50b2e..36600d7 100644 --- a/cmd/cmd.go +++ b/cmd/cmd.go @@ -2,8 +2,8 @@ package cmd import ( "fmt" - "hacklab.nilfm.cc/felt/register" - "hacklab.nilfm.cc/quartzgun/auth" + "forge.lightcrystal.systems/nilix/felt/register" + "forge.lightcrystal.systems/nilix/quartzgun/auth" "strconv" "time" ) diff --git a/config/config.go b/config/config.go index ab3c9b5..68e3d79 100644 --- a/config/config.go +++ b/config/config.go @@ -8,7 +8,7 @@ import ( "strconv" "strings" - "hacklab.nilfm.cc/quartzgun/cookie" + "forge.lightcrystal.systems/nilix/quartzgun/cookie" ) type Config struct { diff --git a/gametable/server.go b/gametable/server.go index 584bbe6..15633c8 100644 --- a/gametable/server.go +++ b/gametable/server.go 
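Review bot: The `IpRateLimiter` created in `CreateAdminInterface` does not show which address it keys on, and that decides whether the throttle on `/api/auth/` protects anything. If quartzgun keys on `req.RemoteAddr` and felt runs behind a reverse proxy, every client shares one bucket of 5 attempts per 5 seconds, so one noisy client can block all logins; if it instead trusts a forwarded header, the per-client limit is only as reliable as that header. It is also worth confirming in the quartzgun source that `Data` is pruned over time and guarded by a lock, since the map is presumably updated from concurrent request handlers. A comment above `rl` such as `// 5 attempts per 5s per client address; the key comes from rateLimiter.IpRateLimiter (confirm behaviour behind a proxy)` would record the intent. The body of `CreateAdminInterface` continues outside this hunk.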
@@ -7,13 +7,13 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ "forge.lightcrystal.systems/nilix/felt/admin"
+ "forge.lightcrystal.systems/nilix/felt/models"
+ "forge.lightcrystal.systems/nilix/felt/mongodb"
+ "forge.lightcrystal.systems/nilix/felt/register"
+ "forge.lightcrystal.systems/nilix/quartzgun/auth"
+ "forge.lightcrystal.systems/nilix/quartzgun/renderer"
 "golang.org/x/time/rate"
- "hacklab.nilfm.cc/felt/admin"
- "hacklab.nilfm.cc/felt/models"
- "hacklab.nilfm.cc/felt/mongodb"
- "hacklab.nilfm.cc/felt/register"
- "hacklab.nilfm.cc/quartzgun/auth"
- "hacklab.nilfm.cc/quartzgun/renderer"
 "io/ioutil"
 "log"
 "net/http"
diff --git a/go.mod b/go.mod
index aae5e63..482fadf 100644
--- a/go.mod
+++ b/go.mod
@@ -1,11 +1,11 @@
-module hacklab.nilfm.cc/felt
+module forge.lightcrystal.systems/nilix/felt
 go 1.19
 require (
+ forge.lightcrystal.systems/nilix/quartzgun v0.4.2
 go.mongodb.org/mongo-driver v1.12.0
 golang.org/x/time v0.1.0
- hacklab.nilfm.cc/quartzgun v0.3.2
 nhooyr.io/websocket v1.8.7
 )
diff --git a/go.sum b/go.sum
index 4460f37..b9a76f9 100644
--- a/go.sum
+++ b/go.sum
@@ -1,3 +1,5 @@
+forge.lightcrystal.systems/nilix/quartzgun v0.4.2 h1:S4ae33noQ+ilMvAKNh50KfwLb+SQqeXKZSoWMRsjEoM=
+forge.lightcrystal.systems/nilix/quartzgun v0.4.2/go.mod h1:hIXDh7AKtAVekjR6RIFW94d/c7cCQbyh8mzaTmP/pM8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -106,7 +108,5 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-hacklab.nilfm.cc/quartzgun v0.3.2 h1:PmRFZ/IgsXVWyNn1iOsQ/ZeMnOQIQy0PzFakhXBdZoU=
-hacklab.nilfm.cc/quartzgun v0.3.2/go.mod h1:P6qK4HB0CD/xfyRq8wdEGevAPFDDmv0KCaESSvv93LU=
 nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
 nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
diff --git a/main.go b/main.go
index 153abe6..a23da69 100644
--- a/main.go
+++ b/main.go
@@ -2,12 +2,12 @@ package main
 import (
 "context"
- "hacklab.nilfm.cc/felt/cmd"
- "hacklab.nilfm.cc/felt/config"
- "hacklab.nilfm.cc/felt/gametable"
- "hacklab.nilfm.cc/felt/mongodb"
- "hacklab.nilfm.cc/felt/register"
- "hacklab.nilfm.cc/quartzgun/indentalUserDB"
+ "forge.lightcrystal.systems/nilix/felt/cmd"
+ "forge.lightcrystal.systems/nilix/felt/config"
+ "forge.lightcrystal.systems/nilix/felt/gametable"
+ "forge.lightcrystal.systems/nilix/felt/mongodb"
+ "forge.lightcrystal.systems/nilix/felt/register"
+ "forge.lightcrystal.systems/nilix/quartzgun/indentalUserDB"
 "log"
 "net"
 "net/http"
diff --git a/mongodb/adapter.go b/mongodb/adapter.go
index eee3abf..d6c3758 100644
--- a/mongodb/adapter.go
+++ b/mongodb/adapter.go
@@ -4,11 +4,11 @@ import (
 "context"
 "errors"
 "fmt"
+ "forge.lightcrystal.systems/nilix/felt/models"
 "go.mongodb.org/mongo-driver/bson"
 "go.mongodb.org/mongo-driver/bson/primitive"
 "go.mongodb.org/mongo-driver/mongo"
 "go.mongodb.org/mongo-driver/mongo/options"
- "hacklab.nilfm.cc/felt/models"
 "time"
 )
diff --git a/register/register.go b/register/register.go
index fad883a..9a4d692 100644
--- a/register/register.go
+++ b/register/register.go
@@ -9,10 +9,12 @@ import (
 "strconv"
 "time"
- "hacklab.nilfm.cc/quartzgun/auth"
- "hacklab.nilfm.cc/quartzgun/renderer"
- "hacklab.nilfm.cc/quartzgun/router"
- "hacklab.nilfm.cc/quartzgun/util"
+ "forge.lightcrystal.systems/nilix/quartzgun/auth"
+ . "forge.lightcrystal.systems/nilix/quartzgun/middleware"
+ "forge.lightcrystal.systems/nilix/quartzgun/rateLimiter"
+ "forge.lightcrystal.systems/nilix/quartzgun/renderer"
+ "forge.lightcrystal.systems/nilix/quartzgun/router"
+ "forge.lightcrystal.systems/nilix/quartzgun/util"
 )
 type SymmetricCrypto interface {
@@ -105,9 +107,13 @@ func WithUserStoreAndCrypto(next http.Handler, udb auth.UserStore, crypto Symmet
 func CreateRegistrationInterface(udb auth.UserStore, crypto SymmetricCrypto) http.Handler {
 rtr := &router.Router{Fallback: *template.Must(template.ParseFiles("templates/error.html"))}
+ rl := rateLimiter.IndiscriminateRateLimiter{
+ Seconds: 5,
+ AttemptsAllowed: 5,
+ }
- rtr.Get(`/(?P\S+)`, WithCrypto(renderer.Template("templates/register.html"), crypto))
- rtr.Post(`/(?P\S+)`, WithUserStoreAndCrypto(renderer.Template("templates/registered.html"), udb, crypto))
+ rtr.Get(`/(?P\S+)`, Throttle(WithCrypto(renderer.Template("templates/register.html"), crypto), rl.RateLimit))
+ rtr.Post(`/(?P\S+)`, Throttle(WithUserStoreAndCrypto(renderer.Template("templates/registered.html"), udb, crypto), rl.RateLimit))
 return http.HandlerFunc(rtr.ServeHTTP)
 }
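Review bot: Both registration routes in `CreateRegistrationInterface` pass the same `rl.RateLimit`, so the GET that renders the form and the POST that creates the user draw on one shared budget. Assuming `IndiscriminateRateLimiter` is a single global counter (its name and the absence of a per-client `Data` map suggest so), 5 requests in 5 seconds from any one source are enough to make registration unavailable to everyone else. Consider the per-IP limiter used in admin/admin.go here, or at least give the POST route its own limiter, e.g. declare `postRl` with the same fields and pass `postRl.RateLimit` to `rtr.Post`. Either way, a comment above `rl` such as `// global budget shared by all clients: 5 requests per 5s across GET and POST` would make the trade-off explicit.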