POS: Fix throttling for unauthenticated users

Fixes a regression introduced with d24adda700: The negation for the `_rateLimitService.Throttle` result was removed with that commit, which led to all unauthenticated requests getting throttled. (It was correctly implemented in #6415.)

Fixes btcpayserver/app#131.
Dennis Reimann
2024-12-09 17:40:29 +01:00
parent 1214367503
commit 4d38f91bd5
2 changed files with 13 additions and 3 deletions


@@ -430,9 +430,9 @@ namespace BTCPayServer.Plugins.PointOfSale.Controllers
}
private async Task<bool> Throttle(string appId) =>
HttpContext.Connection is { RemoteIpAddress: { } addr } &&
await _rateLimitService.Throttle(ZoneLimits.PublicInvoices, addr.ToString(), HttpContext.RequestAborted) &&
!(await _authorizationService.AuthorizeAsync(HttpContext.User, appId, Policies.CanViewInvoices)).Succeeded;
!(await _authorizationService.AuthorizeAsync(HttpContext.User, appId, Policies.CanViewInvoices)).Succeeded &&
HttpContext.Connection is { RemoteIpAddress: { } addr } &&
!await _rateLimitService.Throttle(ZoneLimits.PublicInvoices, addr.ToString(), HttpContext.RequestAborted);
private JObject TryParseJObject(string posData)
{
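Review bot: An unauthenticated request whose `HttpContext.Connection.RemoteIpAddress` is null fails the pattern in the second operand, so `Throttle` returns false and the request bypasses the `PublicInvoices` limit entirely. Whether a null address can occur in a given deployment is not visible from this hunk, but if it can, keying the limiter on a shared fallback bucket such as `HttpContext.Connection.RemoteIpAddress?.ToString() ?? "unknown"` (constructed value) would avoid failing open. Separately, this method returns true for "reject" while `_rateLimitService.Throttle` appears to return true for "allowed", which is the mismatch behind the regression being fixed. A comment above the method such as `// Returns true when the caller lacks CanViewInvoices and is over the PublicInvoices limit, i.e. the request must be rejected.` would make the negation harder to drop again.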