mirror of
https://github.com/pocket-id/pocket-id.git
synced 2026-07-16 04:03:47 +03:00
fix: add missing burst to rate limit
This commit is contained in:
@@ -5,6 +5,7 @@ import (
|
||||
"errors"
|
||||
"log/slog"
|
||||
"math"
|
||||
"net"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"time"
|
||||
@@ -46,7 +47,7 @@ type RateLimitPolicy struct {
|
||||
// The slice is built on each call so the policies are not retained at the package level, and the actor host registers one limiter per entry
|
||||
func RateLimitPolicies() []RateLimitPolicy {
|
||||
return []RateLimitPolicy{
|
||||
{Name: RateLimitAPI, Rate: 100, Per: time.Second},
|
||||
{Name: RateLimitAPI, Rate: 100, Per: time.Second, Burst: 300},
|
||||
{Name: RateLimitSignup, Rate: 2, Per: time.Minute, Burst: 10},
|
||||
{Name: RateLimitWebauthnLogin, Rate: 1, Per: 5 * time.Second, Burst: 10},
|
||||
{Name: RateLimitWebauthnReauthenticate, Rate: 1, Per: 10 * time.Second, Burst: 5},
|
||||
@@ -88,7 +89,7 @@ func (m *RateLimitMiddleware) Add(policy string) gin.HandlerFunc {
|
||||
|
||||
// Skip rate limiting for localhost and test environment
|
||||
// If the client ip is localhost the request comes from the frontend
|
||||
if ip == "" || ip == "127.0.0.1" || ip == "::1" || common.EnvConfig.AppEnv.IsTest() {
|
||||
if common.EnvConfig.AppEnv == common.AppEnvTest || net.ParseIP(ip).IsLoopback() {
|
||||
c.Next()
|
||||
return
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user