From 7cd9fa6e5bceec37ebee5dd24a5f8cb72f2257d9 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sun, 29 Oct 2023 05:27:12 -0600 Subject: [PATCH 1/4] Update pixelfed config --- config/pixelfed.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/pixelfed.php b/config/pixelfed.php index 521ccef71..b71d81c51 100644 --- a/config/pixelfed.php +++ b/config/pixelfed.php @@ -289,4 +289,6 @@ return [ 'app_registration_rate_limit_attempts' => env('PF_IAR_RL_ATTEMPTS', 3), 'app_registration_rate_limit_decay' => env('PF_IAR_RL_DECAY', 1800), + 'app_registration_confirm_rate_limit_attempts' => env('PF_IARC_RL_ATTEMPTS', 10), + 'app_registration_confirm_rate_limit_decay' => env('PF_IARC_RL_ATTEMPTS', 1800), ]; From 1686fc68e82c57301a779a0a20a7c63822caee18 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sun, 29 Oct 2023 05:28:13 -0600 Subject: [PATCH 2/4] Update pixelfed config --- config/pixelfed.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/pixelfed.php b/config/pixelfed.php index b71d81c51..fc7da598a 100644 --- a/config/pixelfed.php +++ b/config/pixelfed.php @@ -289,6 +289,6 @@ return [ 'app_registration_rate_limit_attempts' => env('PF_IAR_RL_ATTEMPTS', 3), 'app_registration_rate_limit_decay' => env('PF_IAR_RL_DECAY', 1800), - 'app_registration_confirm_rate_limit_attempts' => env('PF_IARC_RL_ATTEMPTS', 10), + 'app_registration_confirm_rate_limit_attempts' => env('PF_IARC_RL_ATTEMPTS', 20), 'app_registration_confirm_rate_limit_decay' => env('PF_IARC_RL_ATTEMPTS', 1800), ]; From 4c6a0719ca6cfb2a508bfa95cf1115f0cd401e2e Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sun, 29 Oct 2023 05:29:30 -0600 Subject: [PATCH 3/4] Update ApiV1Dot1Controller, add configurable app confirm rate limit ttl --- app/Http/Controllers/Api/ApiV1Dot1Controller.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/Http/Controllers/Api/ApiV1Dot1Controller.php b/app/Http/Controllers/Api/ApiV1Dot1Controller.php index 3eaa1d233..298deb705 100644 --- a/app/Http/Controllers/Api/ApiV1Dot1Controller.php +++ b/app/Http/Controllers/Api/ApiV1Dot1Controller.php @@ -602,8 +602,8 @@ class ApiV1Dot1Controller extends Controller abort_if(BouncerService::checkIp($request->ip()), 404); } - $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.$request->ip(), 10, function(){}, 1800); - abort_if(!$rl, 400, 'Too many requests'); + $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.$request->ip(), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function(){}, config('pixelfed.app_registration_confirm_rate_limit_decay', 1800)); + abort_if(!$rl, 429, 'Too many requests'); $this->validate($request, [ 'user_token' => 'required', From eb291efe00559bc4f59f46b1df94e1babcb8e06e Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sun, 29 Oct 2023 05:29:56 -0600 Subject: [PATCH 4/4] Update changelog --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0cf4aa01f..dc2b6cb11 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -37,6 +37,9 @@ - Update lexer regex, fix mention regex and add more tests ([778e83d3](https://github.com/pixelfed/pixelfed/commit/778e83d3)) - Update StatusTransformer, generate autolink on request ([dfe2379b](https://github.com/pixelfed/pixelfed/commit/dfe2379b)) - Update ComposeModal component, fix multi filter bug and allow media re-ordering before upload/posting ([56e315f6](https://github.com/pixelfed/pixelfed/commit/56e315f6)) +- Update ApiV1Dot1Controller, allow iar rate limits to be configurable ([28a80803](https://github.com/pixelfed/pixelfed/commit/28a80803)) +- Update ApiV1Dot1Controller, add domain to iar redirect ([1f82d47c](https://github.com/pixelfed/pixelfed/commit/1f82d47c)) +- Update ApiV1Dot1Controller, add configurable app confirm rate limit ttl ([4c6a0719](https://github.com/pixelfed/pixelfed/commit/4c6a0719)) - ([](https://github.com/pixelfed/pixelfed/commit/)) ## [v0.11.9 (2023-08-21)](https://github.com/pixelfed/pixelfed/compare/v0.11.8...v0.11.9)