commit 440523ef40d95cddfa8e9f9269c88d2efd467230
parent 259cbd8e37cca6a1ff097111016899cecd474e41
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Wed, 14 Dec 2022 19:57:37 -0500
add doc
Diffstat:
1 file changed, 4 insertions(+), 0 deletions(-)
diff --git a/pkg/web/handlers/handlers.go b/pkg/web/handlers/handlers.go
@@ -229,7 +229,10 @@ func LoginAttackHandler(c echo.Context) error {
if !found {
return c.NoContent(http.StatusNotFound)
}
+ // We use the "Dangerous" version of VerifyString, to avoid invalidating the captcha.
+ // This way, the captcha can be used multiple times by different users until it's time has expired.
if err := captcha.VerifyStringDangerous(tempLoginStore, loginLink.ID, key); err != nil {
+ // If the captcha was invalid, kill the circuit.
if conn, ok := c.Request().Context().Value("conn").(net.Conn); ok {
config.ConnMap.Close(conn)
}
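Review bot: The new comment above `captcha.VerifyStringDangerous` says the answer is deliberately not invalidated, but it omits the consequence: one solved captcha stays valid for every request presenting the same `loginLink.ID` and `key` until the entry expires, so the check no longer limits attempts per solve. I would state that and name where the lifetime is bounded, e.g. `// Trade-off: a solved captcha is replayable until it expires in tempLoginStore; keep that lifetime short.` In the same comment, "it's time" should read "its time". The `// If the captcha was invalid, kill the circuit.` comment could also mention that the close is skipped when no `net.Conn` is stored under "conn" in the request context. LoginAttackHandler starts and ends outside this hunk, so what follows the close is not visible here.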
@@ -884,6 +887,7 @@ func signupHandler(c echo.Context) error {
}
}
+ // If more than 10 users were created in the past minute, auto disable signup for the website
if database.GetRecentUsersCount() > 10 {
settings := database.GetSettings()
settings.SignupEnabled = false
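Review bot: The comment on `database.GetRecentUsersCount() > 10` asserts a "past minute" window that nothing in this hunk establishes. The window is presumably defined inside `GetRecentUsersCount`, so the comment can silently drift from the query. I would name the threshold, e.g. `const maxRecentSignups = 10`, and have the comment defer to the helper for the window rather than restating it. It is also worth documenting that this is a site-wide switch: once tripped, signup stays off for everyone until something sets `SignupEnabled` back to true (not visible here), so a short burst of registrations blocks legitimate signups as well. signupHandler continues past the end of this hunk.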