Updating rate limits to also use TOML

2025-10-13 20:53:49 +02:00
parent acd23c2f45
commit ff15c7a65f
9 changed files with 138 additions and 79 deletions
--- a/config/dev/conf.toml
+++ b/config/dev/conf.toml
@@ -1,13 +1,14 @@
-AllowFreshAdminGeneration = true
-AdminEmails = ["admin@admin.invalid"]
-AdminHmacEnv = "ADMIN_HMAC_ENV"
-UserHmacEnv = "USER_HMAC_ENV"
-AuthedRateLimitConfig = "ratelimit.auth.json"
-UnauthedRateLimitConfig = "ratelimit.unauth.json"
+gen-fresh-admin = true
+admin-emails = ["admin@admin.invalid"]
+admin-hmac-env = "ADMIN_HMAC_ENV"
+user-hmac-env = "USER_HMAC_ENV"
+auth-rate-limit-defs = "ratelimit.auth.toml"
+unauth-rate-limit-defs = "ratelimit.unauth.toml"

-DbDialect = "sqlite"
-DbUrl = "prepack.db"
-DbUsername = ""
-DbPasswordSecret = ""
-DbPort = ""
-DbName = ""
+[db]
+dialect = "sqlite"
+url = "prepack.db"
+username = ""
+password-secret = ""
+port = ""
+name = ""
--- a/config/dev/ratelimit.auth.json
+++ b/config/dev/ratelimit.auth.json
@@ -1,17 +0,0 @@
-{
-    "": {"seconds": 60, "max": 30, "_comment": "Global ratelimit."},
-
-    "GET:/v1/sec/doot": 
-        {"seconds": 5, "max": 3, "_comment": "One DPS (Doot Per Second) for monitoring?"},
-
-    "GET:/v1/sec/2fa-doot": 
-        {"seconds": 10, "max": 1, "_comment": "2FA doot probably doesn't need much usage at all, mainly exists as a proof of concept."},
-
-    "GET:/v1/adm/doot": 
-        {"seconds": 5, "max": 3, "_comment": "One DPS (Doot Per Second) for monitoring?"},
-
-    "GET:/v1/adm/2fa-doot": 
-        {"seconds": 10, "max": 1, "_comment": "2FA doot probably doesn't need much usage at all, mainly exists as a proof of concept."}
-    
-    
-}
--- a/config/dev/ratelimit.auth.toml
+++ b/config/dev/ratelimit.auth.toml
@@ -0,0 +1,29 @@
+[[Rules]]
+# Global Ratelimit
+match = ""
+seconds = 60
+max = 30
+
+[[Rules]]
+# One DPS (Doot Per Second) for monitoring
+match = "GET:/v1/sec/doot"
+seconds = 5
+max = 30
+
+[[Rules]]
+# 2FA doot probably doesn't need much usage at all, mainly exists as a proof of concept.
+match = "GET:/v1/sec/2fa-doot"
+seconds = 10
+max = 1
+
+[[Rules]]
+# One Admin DPS (Doot Per Second) for monitoring
+match = "GET:/v1/adm/doot"
+seconds = 5
+max = 3
+
+[[Rules]]
+# 2FA doot probably doesn't need much usage at all, mainly exists as a proof of concept.
+match = "GET:/v1/adm/2fa-doot"
+seconds = 10
+max = 1
--- a/config/dev/ratelimit.unauth.json
+++ b/config/dev/ratelimit.unauth.json
@@ -1,19 +0,0 @@
-{
-    "": 
-        {"seconds": 60, "max": 30, "_comment": "Global unauthenticated ratelimit."},
-
-    "GET:/v1/doot": 
-        {"seconds": 5, "max": 5, "_comment": "Unauthenticated DOOT for server monitoring."},
-
-    "POST:/v1/login": 
-        {"seconds": 60, "max": 3, "_comment": "Prevent bruteforce attacks on Login."},
-
-    "POST:/v1/admin": 
-        {"seconds": 60, "max": 1, "_comment": "Prevent bruteforce attacks on Admin Login."},
-
-    "POST:/v1/signup": 
-        {"seconds": 1800, "max": 1, "_comment": "Prevent spam account creation."},
-
-    "POST:/v1/forgot": 
-        {"seconds": 60, "max": 1, "_comment": "Slow down 'forgot password' enumeration/spam."}
-}
--- a/config/dev/ratelimit.unauth.toml
+++ b/config/dev/ratelimit.unauth.toml
@@ -0,0 +1,35 @@
+[[Rules]]
+# Global unauthenticated ratelimit.
+match = ""
+seconds = 60
+max = 30
+
+[[Rules]]
+# Unauthenticated DOOT for server monitoring.
+match = "GET:/v1/doot"
+seconds = 5
+max = 5
+
+[[Rules]]
+# Prevent bruteforce attacks on Login.
+match = "POST:/v1/login"
+seconds = 60
+max = 3
+
+[[Rules]]
+# Prevent bruteforce attacks on Admin Login.
+match = "POST:/v1/admin"
+seconds = 60
+max = 1
+
+[[Rules]]
+# Prevent spam account creation.
+match = "GET:/v1/adm/2fa-doot"
+seconds = 1800
+max = 1
+
+[[Rules]]
+# Slow down 'forgot password' enumeration/spam.
+match = "POST:/v1/forgot"
+seconds = 60
+max = 1