From e765b42d46ae6b98f1339e273c0040dc161b6023 Mon Sep 17 00:00:00 2001
From: Dessalines <dessalines@users.noreply.github.com>
Date: Thu, 25 Nov 2021 08:04:19 -0500
Subject: [PATCH] Adding a captcha rate limit. Fixes #1755 (#1941)

* Adding a captcha rate limit. Fixes #1755

* Changing to post rate limit.
---
 crates/websocket/src/chat_server.rs | 5 ++++-
 src/api_routes.rs                   | 7 ++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/crates/websocket/src/chat_server.rs b/crates/websocket/src/chat_server.rs
index 9fa258ff..2b58b2c1 100644
--- a/crates/websocket/src/chat_server.rs
+++ b/crates/websocket/src/chat_server.rs
@@ -491,7 +491,10 @@ impl ChatServer {
       } else {
         let user_operation = UserOperation::from_str(op)?;
         let fut = (message_handler)(context, msg.id, user_operation.clone(), data);
-        rate_limiter.message().wrap(ip, fut).await
+        match user_operation {
+          UserOperation::GetCaptcha => rate_limiter.post().wrap(ip, fut).await,
+          _ => rate_limiter.message().wrap(ip, fut).await,
+        }
       }
     }
   }
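Review bot: The new `match user_operation` gives no reason for singling out `GetCaptcha`, and it charges captcha requests to the same limiter as post creation via `rate_limiter.post()`. If that bucket is keyed per IP, as the `wrap(ip, fut)` call suggests, a client fetching captchas consumes its own post allowance, and operators cannot tune the captcha limit separately. A dedicated captcha bucket would avoid that coupling. If the shared bucket is kept, a comment on the arm should state it, e.g. `// GetCaptcha is charged to the post bucket instead of the message bucket (see #1755)`. The catch-all `_ =>` arm also means any later operation that needs a tighter limit silently falls back to the message limit. The enclosing function starts outside this hunk, so how `rate_limiter` is configured is not visible here.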
diff --git a/src/api_routes.rs b/src/api_routes.rs
index 9f06c5be..ae5fa40c 100644
--- a/src/api_routes.rs
+++ b/src/api_routes.rs
@@ -161,6 +161,12 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimit) {
           .wrap(rate_limit.register())
           .route(web::post().to(route_post_crud::<Register>)),
       )
+      .service(
+        // Handle captcha separately
+        web::resource("/user/get_captcha")
+          .wrap(rate_limit.post())
+          .route(web::get().to(route_get::<GetCaptcha>)),
+      )
       // User actions
       .service(
         web::scope("/user")
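Review bot: The new `/user/get_captcha` resource only works because it is registered before `web::scope("/user")`, and the comment `// Handle captcha separately` does not say so. actix-web tries services in registration order, and a scope that matches the prefix answers the request itself, so moving this block below the scope would make the endpoint return 404. The comment should record both the reason and the constraint, e.g. `// Captcha uses the post rate limit, so it is its own resource; must stay above the /user scope so the scope does not capture the path`. The `/user` scope's own `.wrap(...)` call lies outside the hunk, so which limiter it applies to the remaining account routes cannot be confirmed from here.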
@@ -178,7 +184,6 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimit) {
           .route("/block", web::post().to(route_post::<BlockPerson>))
           // Account actions. I don't like that they're in /user maybe /accounts
           .route("/login", web::post().to(route_post::<Login>))
-          .route("/get_captcha", web::get().to(route_get::<GetCaptcha>))
           .route(
             "/delete_account",
             web::post().to(route_post_crud::<DeleteAccount>),
-- 
2.44.1