aljaz/btcpayserver
1
0
Fork 0
mirror of https://github.com/aljazceru/btcpayserver.git synced 2026-02-23 07:04:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add spam rate limits for public invoice endpoints (Fix #3782) (#3889)

Browse Source
This commit is contained in:
Nicolas Dorier
2022-06-21 12:33:20 +09:00
committed by GitHub
parent 9d41a52d3b
commit 0aa7dacbca
7 changed files with 33 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
BTCPayServer/Controllers/GreenField/GreenfieldUsersController.cs
View File

@@ -35,7 +35,7 @@ namespace BTCPayServer.Controllers.Greenfield
private readonly SettingsRepository _settingsRepository;
private readonly EventAggregator _eventAggregator;
private readonly IPasswordValidator<ApplicationUser> _passwordValidator;
private readonly RateLimitService _throttleService;
private readonly IRateLimitService _throttleService;
private readonly BTCPayServerOptions _options;
private readonly IAuthorizationService _authorizationService;
private readonly UserService _userService;
@@ -46,7 +46,7 @@ namespace BTCPayServer.Controllers.Greenfield
PoliciesSettings policiesSettings,
EventAggregator eventAggregator,
IPasswordValidator<ApplicationUser> passwordValidator,
RateLimitService throttleService,
IRateLimitService throttleService,
BTCPayServerOptions options,
IAuthorizationService authorizationService,
UserService userService,

3
BTCPayServer/Controllers/UIAppsPublicController.cs
View File

@@ -18,6 +18,7 @@ using Microsoft.AspNetCore.Http.Extensions;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using NBitpayClient;
using NicolasDorier.RateLimits;
using static BTCPayServer.Controllers.UIAppsController;
namespace BTCPayServer.Controllers
@@ -116,6 +117,7 @@ namespace BTCPayServer.Controllers
[IgnoreAntiforgeryToken]
[EnableCors(CorsPolicies.All)]
[DomainMappingConstraint(AppType.PointOfSale)]
[RateLimitsFilter(ZoneLimits.PublicInvoices, Scope = RateLimitsScope.RemoteAddress)]
public async Task<IActionResult> ViewPointOfSale(string appId,
PosViewType viewType,
[ModelBinder(typeof(InvariantDecimalModelBinder))] decimal? amount,
@@ -292,6 +294,7 @@ namespace BTCPayServer.Controllers
[IgnoreAntiforgeryToken]
[EnableCors(CorsPolicies.All)]
[DomainMappingConstraintAttribute(AppType.Crowdfund)]
[RateLimitsFilter(ZoneLimits.PublicInvoices, Scope = RateLimitsScope.RemoteAddress)]
public async Task<IActionResult> ContributeToCrowdfund(string appId, ContributeToCrowdfund request, CancellationToken cancellationToken)
{

2
BTCPayServer/Controllers/UIPublicController.cs
View File

@@ -10,6 +10,7 @@ using BTCPayServer.Plugins.PayButton.Models;
using BTCPayServer.Services.Stores;
using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.Mvc;
using NicolasDorier.RateLimits;
namespace BTCPayServer.Controllers
{
@@ -38,6 +39,7 @@ namespace BTCPayServer.Controllers
[Route("api/v1/invoices")]
[IgnoreAntiforgeryToken]
[EnableCors(CorsPolicies.All)]
[RateLimitsFilter(ZoneLimits.PublicInvoices, Scope = RateLimitsScope.RemoteAddress)]
public async Task<IActionResult> PayButtonHandle([FromForm] PayButtonViewModel model, CancellationToken cancellationToken)
{
var store = await _StoreRepository.FindStore(model.StoreId);