add rate limit for login and registration, update module names

admin/admin.go

@@ -3,14 +3,15 @@ package admin
 import (
 	"encoding/json"
 	"fmt"
-	"hacklab.nilfm.cc/felt/admin/util"
+	"forge.lightcrystal.systems/nilix/felt/admin/util"
-	"hacklab.nilfm.cc/felt/models"
+	"forge.lightcrystal.systems/nilix/felt/models"
-	"hacklab.nilfm.cc/felt/mongodb"
+	"forge.lightcrystal.systems/nilix/felt/mongodb"
-	"hacklab.nilfm.cc/quartzgun/auth"
+	"forge.lightcrystal.systems/nilix/quartzgun/auth"
-	. "hacklab.nilfm.cc/quartzgun/middleware"
+	. "forge.lightcrystal.systems/nilix/quartzgun/middleware"
-	"hacklab.nilfm.cc/quartzgun/renderer"
+	"forge.lightcrystal.systems/nilix/quartzgun/rateLimiter"
-	"hacklab.nilfm.cc/quartzgun/router"
+	"forge.lightcrystal.systems/nilix/quartzgun/renderer"
-	. "hacklab.nilfm.cc/quartzgun/util"
+	"forge.lightcrystal.systems/nilix/quartzgun/router"
+	. "forge.lightcrystal.systems/nilix/quartzgun/util"
 	"html/template"
 	"io/ioutil"
 	"net/http"
@@ -203,9 +204,9 @@ func apiUploadImg(next http.Handler, dbAdapter mongodb.DbAdapter, uploads, uploa
 		// get file data from multipart form
 		header := f.File["file"][0]
 		if strings.Contains(header.Filename, "/") {
-		  w.WriteHeader(422)
+			w.WriteHeader(422)
-		  next.ServeHTTP(w, req)
+			next.ServeHTTP(w, req)
-		  return
+			return
 		}
 		file, err := header.Open()
 		if err != nil {
@@ -324,9 +325,9 @@ func apiDeleteImage(next http.Handler, uploads string, uploadType string, udb au
 					// if the file exists, delete it and return 201
 					filename := urlParams["file"]
 					if strings.Contains(filename, "/") {
-					  w.WriteHeader(422)
+						w.WriteHeader(422)
-					  next.ServeHTTP(w, req)
+						next.ServeHTTP(w, req)
-					  return
+						return
 					}
 					fullPath := filepath.Join(uploads, tableName, uploadType, filename)
 					s, err := os.Stat(fullPath)
@@ -353,9 +354,15 @@ func CreateAdminInterface(udb auth.UserStore, dbAdapter mongodb.DbAdapter, uploa
 	// create quartzgun router
 	rtr := &router.Router{Fallback: *template.Must(template.ParseFiles("templates/error.html"))}
 
+	rl := rateLimiter.IpRateLimiter{
+		Data:            map[string]*rateLimiter.RateLimitData{},
+		Seconds:         5,
+		AttemptsAllowed: 5,
+	}
+
 	scopes := map[string]string{}
 
-	rtr.Post("/api/auth/", Provision(udb, 84))
+	rtr.Post("/api/auth/", Throttle(Provision(udb, 84), rl.RateLimit))
 
 	// table management
 	rtr.Get("/api/table/", Validate(apiGetTableList(renderer.JSON("tableList"), udb), udb, scopes))

admin/util/util.go

@@ -2,8 +2,8 @@ package util
 
 import (
 	"encoding/base64"
-	"hacklab.nilfm.cc/felt/models"
+	"forge.lightcrystal.systems/nilix/felt/models"
-	"hacklab.nilfm.cc/quartzgun/auth"
+	"forge.lightcrystal.systems/nilix/quartzgun/auth"
 	"net/http"
 	"strings"
 )

cmd/cmd.go

@@ -2,8 +2,8 @@ package cmd
 
 import (
 	"fmt"
-	"hacklab.nilfm.cc/felt/register"
+	"forge.lightcrystal.systems/nilix/felt/register"
-	"hacklab.nilfm.cc/quartzgun/auth"
+	"forge.lightcrystal.systems/nilix/quartzgun/auth"
 	"strconv"
 	"time"
 )

config/config.go

@@ -8,7 +8,7 @@ import (
 	"strconv"
 	"strings"
 
-	"hacklab.nilfm.cc/quartzgun/cookie"
+	"forge.lightcrystal.systems/nilix/quartzgun/cookie"
 )
 
 type Config struct {

gametable/server.go

@@ -7,13 +7,13 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"forge.lightcrystal.systems/nilix/felt/admin"
+	"forge.lightcrystal.systems/nilix/felt/models"
+	"forge.lightcrystal.systems/nilix/felt/mongodb"
+	"forge.lightcrystal.systems/nilix/felt/register"
+	"forge.lightcrystal.systems/nilix/quartzgun/auth"
+	"forge.lightcrystal.systems/nilix/quartzgun/renderer"
 	"golang.org/x/time/rate"
-	"hacklab.nilfm.cc/felt/admin"
-	"hacklab.nilfm.cc/felt/models"
-	"hacklab.nilfm.cc/felt/mongodb"
-	"hacklab.nilfm.cc/felt/register"
-	"hacklab.nilfm.cc/quartzgun/auth"
-	"hacklab.nilfm.cc/quartzgun/renderer"
 	"io/ioutil"
 	"log"
 	"net/http"

go.mod

@@ -1,11 +1,11 @@
-module hacklab.nilfm.cc/felt
+module forge.lightcrystal.systems/nilix/felt
 
 go 1.19
 
 require (
+	forge.lightcrystal.systems/nilix/quartzgun v0.4.2
 	go.mongodb.org/mongo-driver v1.12.0
 	golang.org/x/time v0.1.0
-	hacklab.nilfm.cc/quartzgun v0.3.2
 	nhooyr.io/websocket v1.8.7
 )
 

go.sum

@@ -1,3 +1,5 @@
+forge.lightcrystal.systems/nilix/quartzgun v0.4.2 h1:S4ae33noQ+ilMvAKNh50KfwLb+SQqeXKZSoWMRsjEoM=
+forge.lightcrystal.systems/nilix/quartzgun v0.4.2/go.mod h1:hIXDh7AKtAVekjR6RIFW94d/c7cCQbyh8mzaTmP/pM8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -106,7 +108,5 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-hacklab.nilfm.cc/quartzgun v0.3.2 h1:PmRFZ/IgsXVWyNn1iOsQ/ZeMnOQIQy0PzFakhXBdZoU=
-hacklab.nilfm.cc/quartzgun v0.3.2/go.mod h1:P6qK4HB0CD/xfyRq8wdEGevAPFDDmv0KCaESSvv93LU=
 nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
 nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=

main.go

@@ -2,12 +2,12 @@ package main
 
 import (
 	"context"
-	"hacklab.nilfm.cc/felt/cmd"
+	"forge.lightcrystal.systems/nilix/felt/cmd"
-	"hacklab.nilfm.cc/felt/config"
+	"forge.lightcrystal.systems/nilix/felt/config"
-	"hacklab.nilfm.cc/felt/gametable"
+	"forge.lightcrystal.systems/nilix/felt/gametable"
-	"hacklab.nilfm.cc/felt/mongodb"
+	"forge.lightcrystal.systems/nilix/felt/mongodb"
-	"hacklab.nilfm.cc/felt/register"
+	"forge.lightcrystal.systems/nilix/felt/register"
-	"hacklab.nilfm.cc/quartzgun/indentalUserDB"
+	"forge.lightcrystal.systems/nilix/quartzgun/indentalUserDB"
 	"log"
 	"net"
 	"net/http"

mongodb/adapter.go

@@ -4,11 +4,11 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"forge.lightcrystal.systems/nilix/felt/models"
 	"go.mongodb.org/mongo-driver/bson"
 	"go.mongodb.org/mongo-driver/bson/primitive"
 	"go.mongodb.org/mongo-driver/mongo"
 	"go.mongodb.org/mongo-driver/mongo/options"
-	"hacklab.nilfm.cc/felt/models"
 	"time"
 )
 

register/register.go

@@ -9,10 +9,12 @@ import (
 	"strconv"
 	"time"
 
-	"hacklab.nilfm.cc/quartzgun/auth"
+	"forge.lightcrystal.systems/nilix/quartzgun/auth"
-	"hacklab.nilfm.cc/quartzgun/renderer"
+	. "forge.lightcrystal.systems/nilix/quartzgun/middleware"
-	"hacklab.nilfm.cc/quartzgun/router"
+	"forge.lightcrystal.systems/nilix/quartzgun/rateLimiter"
-	"hacklab.nilfm.cc/quartzgun/util"
+	"forge.lightcrystal.systems/nilix/quartzgun/renderer"
+	"forge.lightcrystal.systems/nilix/quartzgun/router"
+	"forge.lightcrystal.systems/nilix/quartzgun/util"
 )
 
 type SymmetricCrypto interface {
@@ -105,9 +107,13 @@ func WithUserStoreAndCrypto(next http.Handler, udb auth.UserStore, crypto Symmet
 
 func CreateRegistrationInterface(udb auth.UserStore, crypto SymmetricCrypto) http.Handler {
 	rtr := &router.Router{Fallback: *template.Must(template.ParseFiles("templates/error.html"))}
+	rl := rateLimiter.IndiscriminateRateLimiter{
+		Seconds:         5,
+		AttemptsAllowed: 5,
+	}
 
-	rtr.Get(`/(?P<cipher>\S+)`, WithCrypto(renderer.Template("templates/register.html"), crypto))
+	rtr.Get(`/(?P<cipher>\S+)`, Throttle(WithCrypto(renderer.Template("templates/register.html"), crypto), rl.RateLimit))
-	rtr.Post(`/(?P<cipher>\S+)`, WithUserStoreAndCrypto(renderer.Template("templates/registered.html"), udb, crypto))
+	rtr.Post(`/(?P<cipher>\S+)`, Throttle(WithUserStoreAndCrypto(renderer.Template("templates/registered.html"), udb, crypto), rl.RateLimit))
 
 	return http.HandlerFunc(rtr.ServeHTTP)
 }