Merge remote-tracking branch 'origin/master'

pull/3242/head
Weblate 2 years ago
commit 21405f71b5

@ -2,6 +2,7 @@ const basicAuth = require("express-basic-auth");
const passwordHash = require("./password-hash"); const passwordHash = require("./password-hash");
const { R } = require("redbean-node"); const { R } = require("redbean-node");
const { setting } = require("./util-server"); const { setting } = require("./util-server");
const { log } = require("../src/util");
const { loginRateLimiter, apiRateLimiter } = require("./rate-limiter"); const { loginRateLimiter, apiRateLimiter } = require("./rate-limiter");
const { Settings } = require("./settings"); const { Settings } = require("./settings");
const dayjs = require("dayjs"); const dayjs = require("dayjs");
@ -81,12 +82,16 @@ function apiAuthorizer(username, password, callback) {
apiRateLimiter.pass(null, 0).then((pass) => { apiRateLimiter.pass(null, 0).then((pass) => {
if (pass) { if (pass) {
verifyAPIKey(password).then((valid) => { verifyAPIKey(password).then((valid) => {
if (!valid) {
log.warn("api-auth", "Failed API auth attempt: invalid API Key");
}
callback(null, valid); callback(null, valid);
// Only allow a set number of api requests per minute // Only allow a set number of api requests per minute
// (currently set to 60) // (currently set to 60)
apiRateLimiter.removeTokens(1); apiRateLimiter.removeTokens(1);
}); });
} else { } else {
log.warn("api-auth", "Failed API auth attempt: rate limit exceeded");
callback(null, false); callback(null, false);
} }
}); });
@ -106,10 +111,12 @@ function userAuthorizer(username, password, callback) {
callback(null, user != null); callback(null, user != null);
if (user == null) { if (user == null) {
log.warn("basic-auth", "Failed basic auth attempt: invalid username/password");
loginRateLimiter.removeTokens(1); loginRateLimiter.removeTokens(1);
} }
}); });
} else { } else {
log.warn("basic-auth", "Failed basic auth attempt: rate limit exceeded");
callback(null, false); callback(null, false);
} }
}); });

Loading…
Cancel
Save