From 74538d6f2392d305f59358034e68472b910abfa3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=F0=9F=90=99PiperYxzzy?=
Date: Sat, 6 Aug 2022 19:59:08 +0200
Subject: [PATCH] Assorted small changes: name fix, adding comments, cookie domain fix
---
 controllers/core/core.go | 6 ++++--
 controllers/ratelimit.go | 8 ++++++++
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/controllers/core/core.go b/controllers/core/core.go
index ae5604d..82f4807 100644
--- a/controllers/core/core.go
+++ b/controllers/core/core.go
@@ -154,6 +154,8 @@ func UserLogin() gin.HandlerFunc {
 }
 jwt, maxAge := u.GetJwt()
+ //TODO we should set the domain for this cookie via a variable as it may not
+ // always be /v1/sec
 c.SetCookie(JwtHeader, jwt, maxAge, "/v1/sec/", "", true, true)
 <-minTime
 }
@@ -359,7 +361,7 @@ func AdminLogin() gin.HandlerFunc {
 }
 jwt, maxAge := a.GetJwt()
- c.SetCookie(JwtHeader, jwt, maxAge, "/v1/sec/", "", true, true)
+ c.SetCookie(JwtHeader, jwt, maxAge, "/v1/adm/", "", true, true)
 <-minTime
 }
 }
@@ -563,4 +565,4 @@ func checkTwoFactorNotReused(a *models.Auth, tfCode string) bool {
 // @Param twofactorcode query string true "2FA authentication code"
 // @Router /sec/2fa-doot [get]
 // @Success 200
-func secureDootDefinition() {}
+func SecureDootDefinition() {}
diff --git a/controllers/ratelimit.go b/controllers/ratelimit.go
index b1907d0..19ba2d9 100644
--- a/controllers/ratelimit.go
+++ b/controllers/ratelimit.go
@@ -91,6 +91,10 @@ var unauthed = megabucket{
 },
 }
 
+ /**
+ * Applies rate limiting to unauthorized actors based on their IP address.
+ * Imperfect, but better than a stab to the eye with a blunt pencil.
+ */
 func UnauthRateLimit() gin.HandlerFunc {
 return func(c *gin.Context) {
 ip := c.ClientIP()
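Review bot: The added TODO calls the fourth `SetCookie` argument the cookie's domain, but in gin's `SetCookie(name, value, maxAge, path, domain, secure, httpOnly)` the `"/v1/sec/"` literal is the path and the domain is the empty string that follows it, so a later fix driven by this note would plumb a variable into the wrong parameter. Suggested wording: `// TODO: take the cookie path from configuration instead of hard-coding "/v1/sec/"; the empty argument after it is the domain.` It is also worth saying in that comment that the Path attribute only narrows which requests carry the cookie and is not a security boundary (RFC 6265 §8.6), so whatever replaces the literal must not be relied on for access control. The body of UserLogin begins outside the hunk.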
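Review bot: The new admin cookie path `/v1/adm/` separates the admin and user sessions only by cookie path scoping, yet both cookies still share the name `JwtHeader`, and path is not a security boundary: the browser uses it to decide which requests carry the cookie, not which code may read it, and a cookie set on a parent path such as `/v1/` would be sent to both route groups. A comment on the changed line should say this, and unless the server-side verification already checks the token's role rather than the route it arrived on (not visible here), a distinct cookie name for the admin token would make the two sessions impossible to confuse. An admin's previously issued cookie at `/v1/sec/` also stays in the browser until it expires; nothing in the hunk clears it. Since the UserLogin hunk already notes the path may vary, both literals might become named constants rather than a second hard-coded string. AdminLogin begins outside the hunk.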
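Review bot: The new comment on UnauthRateLimit uses a `/** ... */` block, which Go tooling does not treat as a doc comment for the function; Go convention is a `//` comment that starts with the name, e.g. `// UnauthRateLimit rate-limits requests that carry no principal, keyed by c.ClientIP().` The "imperfect" hedge deserves a concrete caveat: `c.ClientIP()` returns the forwarded address when the request arrives from a proxy the engine trusts, and gin trusts every proxy unless `SetTrustedProxies` has been called, so with that default a client can choose its own bucket by setting `X-Forwarded-For`; the doc should state that the limit assumes TrustedProxies is configured correctly. "Unauthorized" here appears to mean unauthenticated (contrast with AuthedRateLimit, which reads a principal), and the comment would be clearer using that word. The rest of the handler is outside the hunk.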
@@ -109,6 +113,10 @@ var authed = megabucket{
 },
 }
 
+ /**
+ * Authorized rate limit. Using the UID of the authorized user as the
+ * accessor signature, rate limit based on the preexisting rules.
+ */
 func AuthedRateLimit() gin.HandlerFunc {
 return func(c *gin.Context) {
 pif, exists := c.Get("principal")
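Review bot: The comment added above AuthedRateLimit is a `/** ... */` block, which Go does not recognise as the function's doc comment; write it as `// AuthedRateLimit rate-limits requests by the UID of the "principal" stored on the context, using the authed bucket rules.` "Authorized" reads as a permission check, whereas the code keys on an authenticated identity from `c.Get("principal")`, so "authenticated" is the accurate word. The handler's behaviour when `exists` is false lies outside the hunk; once confirmed from the body, the doc should say whether such requests fall through to the unauthenticated limiter or are rejected, since that decides whether a request that slips past the principal-setting middleware is rate-limited at all.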