mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-21 09:52:06 +03:00
a2edc09762
closes #7766, refs #7579 - ensure we are using the correct brute keys - ensure we are using req.ip as Ghost is configured with trust proxy option - tidy up a little
65 lines
1.7 KiB
JavaScript
65 lines
1.7 KiB
JavaScript
var url = require('url'),
|
|
spamPrevention = require('./api/spam-prevention');
|
|
|
|
/**
|
|
* We set ignoreIP to false, because we tell brute-knex to use `req.ip`.
|
|
* We can use `req.ip`, because express trust proxy option is enabled.
|
|
*/
|
|
module.exports = {
|
|
/**
|
|
* block per route per ip
|
|
*/
|
|
globalBlock: spamPrevention.globalBlock.getMiddleware({
|
|
ignoreIP: false,
|
|
key: function (req, res, next) {
|
|
next(url.parse(req.url).pathname);
|
|
}
|
|
}),
|
|
/**
|
|
* block per route per ip
|
|
*/
|
|
globalReset: spamPrevention.globalReset.getMiddleware({
|
|
ignoreIP: false,
|
|
key: function (req, res, next) {
|
|
next(url.parse(req.url).pathname);
|
|
}
|
|
}),
|
|
/**
|
|
* block per user
|
|
* username === email!
|
|
*/
|
|
userLogin: spamPrevention.userLogin.getMiddleware({
|
|
ignoreIP: false,
|
|
key: function (req, res, next) {
|
|
if (req.body.username) {
|
|
return next(req.body.username + 'login');
|
|
}
|
|
|
|
if (req.body.authorizationCode) {
|
|
return next(req.body.authorizationCode + 'login');
|
|
}
|
|
|
|
if (req.body.refresh_token) {
|
|
return next(req.body.refresh_token + 'login');
|
|
}
|
|
|
|
return next();
|
|
}
|
|
}),
|
|
/**
|
|
* block per user
|
|
*/
|
|
userReset: spamPrevention.userReset.getMiddleware({
|
|
ignoreIP: false,
|
|
key: function (req, res, next) {
|
|
next(req.body.username + 'reset');
|
|
}
|
|
}),
|
|
privateBlog: spamPrevention.privateBlog.getMiddleware({
|
|
ignoreIP: false,
|
|
key: function (req, res, next) {
|
|
next('privateblog');
|
|
}
|
|
})
|
|
};
|