Add spam rate limits for public invoice endpoints (Fix #3782) (#3889)

Nicolas Dorier
2022-06-21 12:33:20 +09:00
committed by GitHub
parent 9d41a52d3b
commit 0aa7dacbca
7 changed files with 33 additions and 30 deletions


@@ -18,6 +18,7 @@ using Microsoft.AspNetCore.Http.Extensions;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using NBitpayClient;
using NicolasDorier.RateLimits;
using static BTCPayServer.Controllers.UIAppsController;
namespace BTCPayServer.Controllers
@@ -116,6 +117,7 @@ namespace BTCPayServer.Controllers
[IgnoreAntiforgeryToken]
[EnableCors(CorsPolicies.All)]
[DomainMappingConstraint(AppType.PointOfSale)]
[RateLimitsFilter(ZoneLimits.PublicInvoices, Scope = RateLimitsScope.RemoteAddress)]
public async Task<IActionResult> ViewPointOfSale(string appId,
PosViewType viewType,
[ModelBinder(typeof(InvariantDecimalModelBinder))] decimal? amount,
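Review bot: The `Scope = RateLimitsScope.RemoteAddress` setting on `ViewPointOfSale` keys the limit on whatever address the server sees for the connection, and nothing visible in this hunk shows how that address is derived. If the instance sits behind a reverse proxy and forwarded headers are not processed, all visitors would presumably share one bucket; if they are accepted from any sender, a caller could choose its own bucket and the limit would not hold. I would document that dependency next to the attribute, for example `// Per-client-IP limit: only effective when forwarded headers are accepted from trusted proxies alone`. The same comment applies to `ContributeToCrowdfund` in the next hunk, which carries the identical attribute. The signature and body of `ViewPointOfSale` continue outside the hunk, so how a rejected request is surfaced to the caller cannot be checked from here.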
@@ -292,6 +294,7 @@ namespace BTCPayServer.Controllers
[IgnoreAntiforgeryToken]
[EnableCors(CorsPolicies.All)]
[DomainMappingConstraintAttribute(AppType.Crowdfund)]
[RateLimitsFilter(ZoneLimits.PublicInvoices, Scope = RateLimitsScope.RemoteAddress)]
public async Task<IActionResult> ContributeToCrowdfund(string appId, ContributeToCrowdfund request, CancellationToken cancellationToken)
{