about summary refs log tree commit diff
path: root/config/initializers/rack-attack.rb
diff options
context:
space:
mode:
authorEugen <eugen@zeonfederated.com>2017-04-18 22:29:14 +0200
committerGitHub <noreply@github.com>2017-04-18 22:29:14 +0200
commitff5baa5349ca7a5391cfa9e283d2f5e653f876ee (patch)
treec00a06ef9f35becb52d33e2d3876fe129f8143c7 /config/initializers/rack-attack.rb
parent297c11dba2864b20992cd3f98282f5ce35d5d144 (diff)
Add rate limits for logins and sign-ups by IP (5 in 5 minutes) (#2079)
* Add rate limits for logins and sign-ups by IP (5 in 5 minutes)
Should be enough for normal attempts

* Add rate limit for forgotten password form as well
Diffstat (limited to 'config/initializers/rack-attack.rb')
-rw-r--r--config/initializers/rack-attack.rb19
1 files changed, 0 insertions, 19 deletions
diff --git a/config/initializers/rack-attack.rb b/config/initializers/rack-attack.rb
deleted file mode 100644
index 70f7846d1..000000000
--- a/config/initializers/rack-attack.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-class Rack::Attack
-  # Rate limits for the API
-  throttle('api', limit: 300, period: 5.minutes) do |req|
-    req.ip if req.path.match(/\A\/api\/v/)
-  end
-
-  self.throttled_response = lambda do |env|
-    now        = Time.now.utc
-    match_data = env['rack.attack.match_data']
-
-    headers = {
-      'X-RateLimit-Limit'     => match_data[:limit].to_s,
-      'X-RateLimit-Remaining' => '0',
-      'X-RateLimit-Reset'     => (now + (match_data[:period] - now.to_i % match_data[:period])).iso8601(6),
-    }
-
-    [429, headers, [{ error: 'Throttled' }.to_json]]
-  end
-end
generated by cgit-pink (git 2.37.1) at 2024-10-06 11:10:18 +0000