Adding a captcha rate limit. Fixes #1755 (#1941)

* Adding a captcha rate limit. Fixes #1755

* Changing to post rate limit.

diff --git a/crates/websocket/src/chat_server.rs b/crates/websocket/src/chat_server.rs
index 9fa258ff4fed6039e83b73295b2a998b4a9bd163..2b58b2c1effd03818ca54b1d5e6bc23a3eb24fd1 100644 (file)
--- a/crates/websocket/src/chat_server.rs
+++ b/crates/websocket/src/chat_server.rs
@@ -491,7 +491,10 @@ impl ChatServer {
       } else {
         let user_operation = UserOperation::from_str(op)?;
         let fut = (message_handler)(context, msg.id, user_operation.clone(), data);
-        rate_limiter.message().wrap(ip, fut).await
+        match user_operation {
+          UserOperation::GetCaptcha => rate_limiter.post().wrap(ip, fut).await,
+          _ => rate_limiter.message().wrap(ip, fut).await,
+        }
       }
     }
   }

diff --git a/src/api_routes.rs b/src/api_routes.rs
index 9f06c5bef6f8665159afc57dd5941fb94886c4ec..ae5fa40c18b12c4916b79bf9f8adb46f7bc440ef 100644 (file)
--- a/src/api_routes.rs
+++ b/src/api_routes.rs
@@ -161,6 +161,12 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimit) {
           .wrap(rate_limit.register())
           .route(web::post().to(route_post_crud::<Register>)),
       )
+      .service(
+        // Handle captcha separately
+        web::resource("/user/get_captcha")
+          .wrap(rate_limit.post())
+          .route(web::get().to(route_get::<GetCaptcha>)),
+      )
       // User actions
       .service(
         web::scope("/user")
@@ -178,7 +184,6 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimit) {
           .route("/block", web::post().to(route_post::<BlockPerson>))
           // Account actions. I don't like that they're in /user maybe /accounts
           .route("/login", web::post().to(route_post::<Login>))
-          .route("/get_captcha", web::get().to(route_get::<GetCaptcha>))
           .route(
             "/delete_account",
             web::post().to(route_post_crud::<DeleteAccount>),