Add spam rate limits for public invoice endpoints (Fix #3782) (#3889)

Nicolas Dorier
2022-06-21 12:33:20 +09:00
committed by GitHub
parent 9d41a52d3b
commit 0aa7dacbca
7 changed files with 33 additions and 30 deletions


@@ -10,6 +10,7 @@ using BTCPayServer.Plugins.PayButton.Models;
using BTCPayServer.Services.Stores;
using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.Mvc;
using NicolasDorier.RateLimits;
namespace BTCPayServer.Controllers
{
@@ -38,6 +39,7 @@ namespace BTCPayServer.Controllers
[Route("api/v1/invoices")]
[IgnoreAntiforgeryToken]
[EnableCors(CorsPolicies.All)]
[RateLimitsFilter(ZoneLimits.PublicInvoices, Scope = RateLimitsScope.RemoteAddress)]
public async Task<IActionResult> PayButtonHandle([FromForm] PayButtonViewModel model, CancellationToken cancellationToken)
{
var store = await _StoreRepository.FindStore(model.StoreId);
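Review bot: The new `[RateLimitsFilter(ZoneLimits.PublicInvoices, Scope = RateLimitsScope.RemoteAddress)]` on `PayButtonHandle` is only as reliable as the remote address the application sees, and nothing in this hunk shows how that address is derived. Behind a reverse proxy, all callers may fall into a single bucket if forwarded headers are not processed. If forwarded headers are accepted from arbitrary peers, the per-address limit presumably stops being meaningful. Because this action is also `[IgnoreAntiforgeryToken]` with `CorsPolicies.All`, the rate limit is the main abuse control here, so the deployment assumption is worth stating above the attribute, e.g. `// Per-IP limit: requires forwarded headers to be honoured only from trusted proxies`. The method body continues past the end of the hunk, so whether `model.StoreId` is validated before `FindStore` cannot be judged from here.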