Rate limit per IP the number of login attempt

nicolas.dorier
2018-08-25 20:28:46 +09:00
parent 6c51d83f61
commit 023913a852
5 changed files with 21 additions and 0 deletions


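--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -49,6 +49,7 @@
 <PackageReference Include="NBXplorer.Client" Version="1.0.2.18" />
 <PackageReference Include="NicolasDorier.CommandLine" Version="1.0.0.2" />
 <PackageReference Include="NicolasDorier.CommandLine.Configuration" Version="1.0.0.3" />
+<PackageReference Include="NicolasDorier.RateLimits" Version="1.0.0.3" />
 <PackageReference Include="NicolasDorier.StandardConfiguration" Version="1.0.0.17" />
 <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="2.1.0" />
 <PackageReference Include="SSH.NET" Version="2016.1.0" />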


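--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -18,6 +18,7 @@ using BTCPayServer.Services.Stores;
 using BTCPayServer.Logging;
 using BTCPayServer.Security;
 using System.Globalization;
+using NicolasDorier.RateLimits;
 namespace BTCPayServer.Controllers
 {
@@ -70,6 +71,7 @@ namespace BTCPayServer.Controllers
 [HttpPost]
 [AllowAnonymous]
 [ValidateAntiForgeryToken]
+[RateLimitsFilter(ZoneLimits.Login, Scope = RateLimitsScope.RemoteAddress)]
 public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
 {
 ViewData["ReturnUrl"] = returnUrl;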
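Review bot: The bucket key chosen by `Scope = RateLimitsScope.RemoteAddress` on the new `[RateLimitsFilter]` line is only as good as the remote address the filter sees; if the server runs behind a reverse proxy and forwarded headers are not applied before MVC, every user shares the proxy's address and a single bucket, and if forwarded headers are trusted from any peer the key is under the caller's control. Neither the proxy setup nor the forwarded-headers middleware is visible in this hunk, so this is a point to confirm against the pipeline rather than a defect in the attribute itself. A comment above the attribute would record the assumption: `// Throttle password guessing per client address (limits in ZoneLimits.Login); relies on the effective remote address being the real client's when behind a proxy`. Login's body continues outside the hunk.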


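--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -41,6 +41,7 @@ using System.Security.Claims;
 using BTCPayServer.Security;
 using Microsoft.AspNetCore.Mvc.ModelBinding;
 using NBXplorer.DerivationStrategy;
+using NicolasDorier.RateLimits;
 namespace BTCPayServer.Hosting
 {
@@ -165,6 +166,10 @@ namespace BTCPayServer.Hosting
 {
 options.AddPolicy(CorsPolicies.All, p=>p.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin());
 });
+var rateLimits = new RateLimitService();
+rateLimits.SetZone($"zone={ZoneLimits.Login} rate=5r/min burst=3 nodelay");
+services.AddSingleton(rateLimits);
 return services;
 }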
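Review bot: The `SetZone` line packs rate, burst and delay behaviour into one undocumented string, so the chosen policy should be spelled out next to it: `// Login zone: 5 requests/min per key with a burst of 3; "nodelay" presumably follows nginx limit_req semantics (excess rejected rather than queued) — confirm against the NicolasDorier.RateLimits docs`. The numbers are fixed at startup with no configuration hook, which may be acceptable for a first cut but is worth recording in that comment. Because `RateLimitService` is registered as a plain in-process singleton, the counters are presumably per instance and not shared across several server processes; worth confirming with the library before relying on the limit in a multi-instance deployment. The enclosing method starts outside the hunk.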


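--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -166,6 +166,7 @@ namespace BTCPayServer.Hosting
 Authorization = new[] { new NeedRole(Roles.ServerAdmin) }
 });
 app.UseWebSockets();
+app.UseStatusCodePages();
 app.UseMvc(routes =>
 {
 routes.MapRoute(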
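Review bot: `app.UseStatusCodePages()` is registered for the whole pipeline, so every bodiless 4xx/5xx response — not only the 429 the login throttle produces but also responses from the API routes mapped in `UseMvc` below — will now receive the default plain-text body; confirm that is intended for API clients, or scope it to the browser-facing routes. A one-line comment stating why it was added would help the next reader: `// Give bare status codes (e.g. 429 from RateLimitsFilter) a readable response body`. The enclosing method starts and ends outside the hunk.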


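--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,12 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+namespace BTCPayServer
+{
+public class ZoneLimits
+{
+public const string Login = "btcpaylogin";
+}
+}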
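Review bot: `ZoneLimits` holds only a constant, so it should be declared `public static class ZoneLimits` to rule out instantiation, and the four `using` directives at the top of the new file are unused template leftovers that can be removed. An XML summary would tie the constant to its two consumers in this commit: `/// <summary>Names of rate-limit zones registered on the RateLimitService at startup and referenced by RateLimitsFilter attributes.</summary>`.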