add auth rate limiter
juancwu committed Dec 23, 2024
1 parent c605bb2 commit 2a69219
Showing 1 changed file with 12 additions and 2 deletions.
14 changes: 12 additions & 2 deletions backend/internal/v1/v1_auth/routes.go
Expand Up @@ -4,6 +4,7 @@ import (
"KonferCA/SPUR/db"
"KonferCA/SPUR/internal/interfaces"
"KonferCA/SPUR/internal/middleware"
"time"

"github.com/labstack/echo/v4"
)
Expand All @@ -14,12 +15,21 @@ Sets up the V1 auth routes.
func SetupAuthRoutes(e *echo.Group, s interfaces.CoreServer) {

h := Handler{server: s}

// 5 request per minute, get block for 15 minutes, and ban up to 1 hour after four blocks.
authLimiter := middleware.NewRateLimiter(&middleware.RateLimiterConfig{
Requests: 5,
Window: time.Minute,
BlockPeriod: time.Minute * 15,
MaxBlocks: 4,
})

e.POST("/auth/login", h.handleLogin)
e.GET(
"/auth/ami-verified",
h.handleEmailVerificationStatus,
middleware.Auth(s.GetDB(), db.UserRoleStartupOwner, db.UserRoleAdmin),
)
e.GET("/auth/verify-email", h.handleVerifyEmail)
e.POST("/auth/register", h.handleRegister)
e.GET("/auth/verify-email", h.handleVerifyEmail, authLimiter.RateLimit())
e.POST("/auth/register", h.handleRegister, authLimiter.RateLimit())
}
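Review bot: `/auth/login` is still registered without the limiter (`e.POST("/auth/login", h.handleLogin)`), so the endpoint most exposed to password guessing gets none of the throttling added here; I would register it as `e.POST("/auth/login", h.handleLogin, authLimiter.RateLimit())` or give it a dedicated, stricter limiter. Both limited routes call `RateLimit()` on the same `authLimiter`, so if the limiter keeps its counters per instance (its implementation is not visible in this diff), a registration and the follow-up email verification draw from a single 5-per-minute budget; confirm that is intended. The comment promises a ban of up to one hour, but no field in the config sets that duration, so say where it is defined or reword it, e.g. `// 5 requests per minute; exceeding it blocks for 15 minutes; MaxBlocks is 4.` It is also worth confirming which client key the limiter uses, since an IP-based key behind a reverse proxy depends on how Echo's IP extraction is configured.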
