Tweak the login rate limiter
parent
3f500cd019
commit
9f145c2f5e
|
@ -28,6 +28,21 @@ func Login() http.HandlerFunc {
|
||||||
password = r.PostFormValue("password")
|
password = r.PostFormValue("password")
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// Rate limit login attempts by email or username they are trying (whether it exists or not).
|
||||||
|
limiter := &ratelimit.Limiter{
|
||||||
|
Namespace: "login",
|
||||||
|
ID: username,
|
||||||
|
Limit: config.LoginRateLimit,
|
||||||
|
Window: config.LoginRateLimitWindow,
|
||||||
|
CooldownAt: config.LoginRateLimitCooldownAt,
|
||||||
|
Cooldown: config.LoginRateLimitCooldown,
|
||||||
|
}
|
||||||
|
if err := limiter.Ping(); err != nil {
|
||||||
|
session.FlashError(w, r, err.Error())
|
||||||
|
templates.Redirect(w, r.URL.Path)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// Look up their account.
|
// Look up their account.
|
||||||
user, err := models.FindUser(username)
|
user, err := models.FindUser(username)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -41,24 +56,8 @@ func Login() http.HandlerFunc {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Rate limit failed login attempts.
|
|
||||||
limiter := &ratelimit.Limiter{
|
|
||||||
Namespace: "login",
|
|
||||||
ID: user.ID,
|
|
||||||
Limit: config.LoginRateLimit,
|
|
||||||
Window: config.LoginRateLimitWindow,
|
|
||||||
CooldownAt: config.LoginRateLimitCooldownAt,
|
|
||||||
Cooldown: config.LoginRateLimitCooldown,
|
|
||||||
}
|
|
||||||
|
|
||||||
// Verify password.
|
// Verify password.
|
||||||
if err := user.CheckPassword(password); err != nil {
|
if err := user.CheckPassword(password); err != nil {
|
||||||
if err := limiter.Ping(); err != nil {
|
|
||||||
session.FlashError(w, r, err.Error())
|
|
||||||
templates.Redirect(w, r.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
session.FlashError(w, r, "Incorrect username or password.")
|
session.FlashError(w, r, "Incorrect username or password.")
|
||||||
templates.Redirect(w, r.URL.Path)
|
templates.Redirect(w, r.URL.Path)
|
||||||
return
|
return
|
||||||
|
|
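Review bot: The new limiter is keyed on the raw form value (`ID: username`), so if `models.FindUser` matches case-insensitively or accepts either the email or the username, as the added comment implies, one account can be tried under several distinct keys and the effective limit is multiplied. Normalise the key before building the limiter, e.g. `ID: strings.ToLower(strings.TrimSpace(username))`, and consider also pinging a limiter keyed by `user.ID` once the lookup succeeds so that every spelling of the same account shares one budget. Because `limiter.Ping()` now runs before the password check, successful logins count against the limit as well, and anyone who knows a username can push that account into cooldown; a per-client limiter alongside this one would keep the account key from being the only control. `username` is assigned above the hunk, so it may already be normalised there; the Login handler starts and ends outside the hunk.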