From 244e8258fd3532fe2047df205d385ab9531c6d8a Mon Sep 17 00:00:00 2001
From: ADAMJR
Date: Tue, 3 Jan 2023 01:07:14 +0000
Subject: [PATCH] Increase rate limiting for emails.

---
 OUTLINE.md | 10 +++++-----
 backend/src/app.ts | 3 +--
 backend/src/rest/routes/auth-routes.ts | 4 ++--
 3 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/OUTLINE.md b/OUTLINE.md
index 03a00825..99b131f6 100644
--- a/OUTLINE.md
+++ b/OUTLINE.md
@@ -1,5 +1,10 @@
 # TODO
 
+[2] unused images should be deleted
+> user avatars
+> guild icons
+> images in messages
+[3] improve email css layout
 [3] public servers (don't require login to view)
 > no server list
 > view as guest (disabled by default)
@@ -11,11 +16,6 @@
 
 # FIXME
 
-[2] unused images should be deleted
-> user avatars
-> guild icons
-> images in messages
-
 # VERIFY
 
 [3] member status: members sometimes remain online, after going offline
diff --git a/backend/src/app.ts b/backend/src/app.ts
index acf10cad..50b61a25 100644
--- a/backend/src/app.ts
+++ b/backend/src/app.ts
@@ -12,8 +12,7 @@ connect(process.env.MONGO_URI, {
 useFindAndModify: false,
 useCreateIndex: true,
 serverSelectionTimeoutMS: 0,
-}) .catch(error => log.error(error.message ?? 'Unable to connect to db', { uri: process.env.MONGO_URI }))
+}).catch(error => log.error(error.message ?? 'Unable to connect to db', { uri: process.env.MONGO_URI }))
 .then(async (con) => {
 log.info(`Connected to database.`, { uri: process.env.MONGO_URI });
 await User.updateMany({ $set: { status: 'OFFLINE' } })
diff --git a/backend/src/rest/routes/auth-routes.ts b/backend/src/rest/routes/auth-routes.ts
index 5d6e2797..abd31776 100644
--- a/backend/src/rest/routes/auth-routes.ts
+++ b/backend/src/rest/routes/auth-routes.ts
@@ -8,7 +8,7 @@ import { REST } from '@acrd/types';
 
 export const router = Router();
 
-router.post('/login', extraRateLimit(25), (req, res, next) => {
+router.post('/login', extraRateLimit(20), (req, res, next) => {
 req['flash'] = (_: string, message: string) => res.status(400).json({ message });
 next();
 }, passport.authenticate('local', {
@@ -42,7 +42,7 @@ router.post('/register', extraRateLimit(10), async (req, res) => {
 res.status(201).json(await deps.users.createToken(user));
 });
 
-router.get('/verify', extraRateLimit(25), async (req, res) => {
+router.get('/verify', extraRateLimit(20), async (req, res) => {
 const email = deps.verification.getEmailFromCode(req.query.code as string);
 const user = await User.findOne({ email }) as any;
 if (!email || !user)
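Review bot: The new `/login` limit is a bare literal, `extraRateLimit(20)`, and neither the window nor the key it counts against is visible in this hunk, so the change cannot be checked against a password-guessing budget; the same applies to `/verify` in the next hunk. A named constant with its unit in a comment would make the intent reviewable, e.g. `const AUTH_ATTEMPT_LIMIT = 20; // attempts per rate-limit window, per client`. If `extraRateLimit` counts per client address only (its definition is outside this diff), it presumably does not bound guesses against one account made from many addresses, so a per-account failure counter is worth considering alongside it. The route's handler chain continues past the end of the hunk.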
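Review bot: `req.query.code as string` in the `/verify` handler is a compile-time assertion only, so the query parser can still hand `getEmailFromCode` an array or object instead of a string. A runtime guard before the lookup would close that, e.g. `if (typeof req.query.code !== 'string') return res.status(400).json({ message: 'Invalid code' });`. The `User.findOne({ email })` query also runs before `email` is checked, so moving the `!email` test ahead of it avoids querying with an undefined filter value. The handler body continues past the end of the hunk.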