Rate limits should be per-method, not per-resource string.

🐙PiperYxzzy
2022-10-12 22:43:05 +02:00
parent 2922793427
commit 2ada2b5936
3 changed files with 11 additions and 11 deletions


@@ -2,18 +2,18 @@
"":
{"seconds": 60, "max": 30, "_comment": "Global unauthenticated ratelimit."},
"/v1/doot":
"GET:/v1/doot":
{"seconds": 5, "max": 5, "_comment": "Unauthenticated DOOT for server monitoring."},
"/v1/login":
"POST:/v1/login":
{"seconds": 60, "max": 3, "_comment": "Prevent bruteforce attacks on Login."},
"/v1/admin":
"POST:/v1/admin":
{"seconds": 60, "max": 1, "_comment": "Prevent bruteforce attacks on Admin Login."},
"/v1/signup":
"POST:/v1/signup":
{"seconds": 1800, "max": 1, "_comment": "Prevent spam account creation."},
"/v1/forgot":
"POST:/v1/forgot":
{"seconds": 60, "max": 1, "_comment": "Slow down 'forgot password' enumeration/spam."}
}
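Review bot: With the keys now of the form `POST:/v1/login`, a request to `/v1/login`, `/v1/admin`, `/v1/signup` or `/v1/forgot` that arrives with any other method no longer matches its strict entry and is presumably held only to the global `""` limit of 30 per 60 seconds. The lookup code is not visible in this section, so please confirm that these routes reject other methods outright and that the key is built from an upper-cased method and a normalised path (no trailing slash, no query string); otherwise the brute-force limits stop applying to those requests. The key format is also not documented in the file itself; the global entry's comment could carry it, for example `"_comment": "Global unauthenticated ratelimit. All other keys are 'METHOD:/path'."`.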