
Fix: remove broken OAuth Application vacuuming & throttle OAuth Application registrations (#30316)

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Emelia Smith 2024-05-29 16:00:05 +02:00 committed by GitHub
parent 6eea83211c
commit d20a5c3ec9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 22 additions and 63 deletions


@ -105,6 +105,10 @@ class Rack::Attack
req.authenticated_user_id if (req.post? && req.path.match?(API_DELETE_REBLOG_REGEX)) || (req.delete? && req.path.match?(API_DELETE_STATUS_REGEX))
end
throttle('throttle_oauth_application_registrations/ip', limit: 5, period: 10.minutes) do |req|
req.throttleable_remote_ip if req.post? && req.path == '/api/v1/apps'
end
throttle('throttle_sign_up_attempts/ip', limit: 25, period: 5.minutes) do |req|
req.throttleable_remote_ip if req.post? && req.path_matches?('/auth')
end
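Review bot: The new `throttle_oauth_application_registrations/ip` rule matches the path with an exact comparison, `req.path == '/api/v1/apps'`, while the sign-up throttle directly below it uses `req.path_matches?('/auth')`. If the router dispatches other spellings of the path to the same action (a format suffix or a trailing slash, for example; routing is not visible here, so this needs confirming), those registrations would not count toward the 5-per-10-minutes limit. Consider `req.throttleable_remote_ip if req.post? && req.path_matches?('/api/v1/apps')`, assuming `path_matches?` (defined outside this hunk) normalises those forms. A request spec that posts to each routed variant and expects a 429 once the limit is exceeded would pin this down. The `class Rack::Attack` body starts and ends outside the hunk.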