saltyming/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-06-14 06:40:08 +00:00
Code Activity

Basic ratelimit for user login (including 2FA) and admin login

Browse source
This commit is contained in:
Daniel García 2021-12-22 21:48:49 +01:00
parent 0a5df06e77
commit 5529264c3f
No known key found for this signature in database
GPG key ID: FC8A7D14C3CD543A
7 changed files with 134 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/api/admin.rs
View file

@ -166,6 +166,10 @@ fn post_admin_login(
) -> Result<Redirect, Flash<Redirect>> {
let data = data.into_inner();
if crate::ratelimit::check_limit_admin(&ip.ip).is_err() {
return Err(Flash::error(Redirect::to(admin_url(referer)), "Too many requests, try again later."));
}
// If the token is invalid, redirect to login page
if !_validate_token(&data.token) {
error!("Invalid admin token. IP: {}", ip.ip);