add rate limiter for login, update module

2024-11-28 10:39:02 -07:00 · 2024-11-28 10:39:02 -07:00 · ea9cf05d95
commit ea9cf05d95
parent ca951a7ef7
4 changed files with 22 additions and 10 deletions
--- a/go.mod
+++ b/go.mod
@ -1,7 +1,10 @@
-module hacklab.nilfm.cc/nirvash
+module forge.lightcrystal.systems/nilix/nirvash

 go 1.17

-require hacklab.nilfm.cc/quartzgun v0.3.2
+require (
+	forge.lightcrystal.systems/nilix/quartzgun v0.4.2
+	hacklab.nilfm.cc/quartzgun v0.3.2
+)

 require golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898 // indirect
--- a/go.sum
+++ b/go.sum
@ -1,3 +1,5 @@
+forge.lightcrystal.systems/nilix/quartzgun v0.4.2 h1:S4ae33noQ+ilMvAKNh50KfwLb+SQqeXKZSoWMRsjEoM=
+forge.lightcrystal.systems/nilix/quartzgun v0.4.2/go.mod h1:hIXDh7AKtAVekjR6RIFW94d/c7cCQbyh8mzaTmP/pM8=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898 h1:SLP7Q4Di66FONjDJbCYrCRrh97focO6sLogHO7/g8F0=
 golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
--- a/lfo/middleware.go
+++ b/lfo/middleware.go
@ -2,7 +2,7 @@ package lfo

 import (
 	"context"
-	core "hacklab.nilfm.cc/nirvash/archetype"
+	core "forge.lightcrystal.systems/nilix/nirvash/archetype"
 	"net/http"
 	"strings"
 )
--- a/nirvash.go
+++ b/nirvash.go
@ -1,12 +1,13 @@
 package main

 import (
-	core "hacklab.nilfm.cc/nirvash/archetype"
-	. "hacklab.nilfm.cc/nirvash/lfo"
-	"hacklab.nilfm.cc/quartzgun/indentalUserDB"
-	. "hacklab.nilfm.cc/quartzgun/middleware"
-	"hacklab.nilfm.cc/quartzgun/renderer"
-	"hacklab.nilfm.cc/quartzgun/router"
+	core "forge.lightcrystal.systems/nilix/nirvash/archetype"
+	. "forge.lightcrystal.systems/nilix/nirvash/lfo"
+	"forge.lightcrystal.systems/nilix/quartzgun/indentalUserDB"
+	. "forge.lightcrystal.systems/nilix/quartzgun/middleware"
+	"forge.lightcrystal.systems/nilix/quartzgun/rateLimiter"
+	"forge.lightcrystal.systems/nilix/quartzgun/renderer"
+	"forge.lightcrystal.systems/nilix/quartzgun/router"
 	"html/template"
 	"net/http"
 	"os"
@ -45,10 +46,16 @@ func main() {
 			pathConcat(templateRoot, "footer.html"))),
 	}

+	rl := rateLimiter.IpRateLimiter{
+		Data:            map[string]*rateLimiter.RateLimitData{},
+		Seconds:         5,
+		AttemptsAllowed: 5,
+	}
+
 	rtr.Get("/login", renderer.Template(
 		pathConcat(templateRoot, "login.html")))

-	rtr.Post("/login", Authorize("/", udb, "/login?tryagain=1", 84))
+	rtr.Post("/login", Throttle(Authorize("/", udb, "/login?tryagain=1", 84), rl.RateLimit))

 	rtr.Get("/logout", Bunt("/", udb, "/login?tryagain=1"))