TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-04 17:04:59 +03:00
Code Issues Projects Releases Wiki Activity

Updated comment for globalBlock spam prevention (#10342)

Browse Source 
no-issue

Just made it more clear it's not global across the entire api.
This commit is contained in:
Fabien O'Carroll 2019-01-07 20:21:26 +07:00 committed by GitHub
parent 5cecf0cd61
commit d5bf6dc1c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
core/server/web/shared/middlewares/api/spam-prevention.js
View File

@ -40,9 +40,9 @@ const handleStoreError = (err) => {
err.next(customError); err.next(customError);
}; };
// This is a global endpoint protection mechanism that will lock an endpoint if there are so many // This locks a single endpoint based on excessive requests from an IP.
// requests from a single IP // Currently only used for auth type methods.
// We allow for a generous number of requests here to prevent communites on the same IP bing barred on account of a single suer // We allow for a generous number of requests here to prevent communites on the same IP bing barred on account of a single user
// Defaults to 50 attempts per hour and locks the endpoint for an hour // Defaults to 50 attempts per hour and locks the endpoint for an hour
const globalBlock = () => { const globalBlock = () => {
const ExpressBrute = require('express-brute'); const ExpressBrute = require('express-brute');