Move rate limiting for authentication endpoints to the public routes group

2025-10-11 22:16:15 +02:00
parent 9ca8a46093
commit aca127e52e


@@ -64,16 +64,16 @@ func setupRouter(o Options) *chi.Mux {
// API routes // API routes
r.Route("/api/v1", func(r chi.Router) { r.Route("/api/v1", func(r chi.Router) {
// Rate limiting for API routes
if o.Config.RateLimitRequests > 0 {
r.Use(httprate.LimitByIP(
o.Config.RateLimitRequests,
o.Config.RateLimitWindow,
))
}
// Public routes (no authentication required) // Public routes (no authentication required)
r.Group(func(r chi.Router) { r.Group(func(r chi.Router) {
// Rate limiting for authentication endpoints to prevent brute force attacks
if o.Config.RateLimitRequests > 0 {
r.Use(httprate.LimitByIP(
o.Config.RateLimitRequests,
o.Config.RateLimitWindow,
))
}
r.Post("/auth/login", handler.Login(o.SessionManager, o.CookieService)) r.Post("/auth/login", handler.Login(o.SessionManager, o.CookieService))
r.Post("/auth/refresh", handler.RefreshToken(o.SessionManager, o.CookieService)) r.Post("/auth/refresh", handler.RefreshToken(o.SessionManager, o.CookieService))
}) })
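Review bot: With the limiter now inside the public group, only `/auth/login` and `/auth/refresh` are throttled, so any authenticated `/api/v1` routes registered outside this hunk appear to lose per-IP limiting altogether; if that is intended the comment should say so, otherwise keep the route-level `r.Use` and add the stricter limiter here as well. The guard `o.Config.RateLimitRequests > 0` also leaves login with no brute-force protection when the setting is 0, and it reuses values that were presumably sized for general API traffic rather than for credential guessing. Login and refresh share a single per-IP bucket as written, so routine token refreshes eat into the login budget; `httprate.Limit(o.Config.RateLimitRequests, o.Config.RateLimitWindow, httprate.WithKeyFuncs(httprate.KeyByIP, httprate.KeyByEndpoint))` would count them separately. `setupRouter` begins and continues outside the hunk, so whether the address `LimitByIP` sees is the client's or a reverse proxy's cannot be confirmed from here and is worth checking.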