Rate limit login stuff

2019-10-22 02:12:27 +00:00 · 2019-10-22 02:12:27 +00:00 · 80017bb32b
parent cc41444b21
commit 80017bb32b
3 changed files with 11 additions and 3 deletions
--- a/oauth2server/server/authorize.go
+++ b/oauth2server/server/authorize.go
@ -11,6 +11,7 @@ import (
 )

 func (s *Server) authorize(w http.ResponseWriter, r *http.Request) {
+	s.limiter.Wait(r.Context())
 	if r.Method != "POST" {
 		http.NotFound(w, r)
 		return
--- a/oauth2server/server/server.go
+++ b/oauth2server/server/server.go
@ -4,6 +4,8 @@ import (
 	"local/oauth2/oauth2server/config"
 	"local/router"
 	"local/storage"
+
+	"golang.org/x/time/rate"
 )

 var wildcard = router.Wildcard
@ -17,7 +19,8 @@ const (

 type Server struct {
 	*router.Router
-	store storage.DB
+	store   storage.DB
+	limiter *rate.Limiter
 }

 func New() *Server {
@ -27,8 +30,9 @@ func New() *Server {
 	}
 	purgeIssuedCredentials(store)
 	return &Server{
-		Router: router.New(),
-		store:  store,
+		Router:  router.New(),
+		store:   store,
+		limiter: rate.NewLimiter(1, 3),
 	}
 }

--- a/oauth2server/server/users.go
+++ b/oauth2server/server/users.go
@ -13,6 +13,7 @@ import (
 )

 func (s *Server) usersLog(w http.ResponseWriter, r *http.Request) {
+	s.limiter.Wait(r.Context())
 	q := r.URL.Query()
 	fmt.Fprintln(w, `
      <html>
@ -27,6 +28,7 @@ func (s *Server) usersLog(w http.ResponseWriter, r *http.Request) {
 }

 func (s *Server) usersRegister(w http.ResponseWriter, r *http.Request) {
+	s.limiter.Wait(r.Context())
 	fmt.Fprintln(w, `
      <html>
         <body>
@ -40,6 +42,7 @@ func (s *Server) usersRegister(w http.ResponseWriter, r *http.Request) {
 }

 func (s *Server) usersSubmit(w http.ResponseWriter, r *http.Request) {
+	s.limiter.Wait(r.Context())
 	if r.Method != "POST" {
 		http.NotFound(w, r)
 		return