feat: rate-limiting

Signed-off-by: Erik Michelson <github@erik.michelson.eu>

lib/web/auth/email/index.js

@@ -9,6 +9,7 @@ const models = require('../../../models')
 const logger = require('../../../logger')
 const { urlencodedParser } = require('../../utils')
 const errors = require('../../../errors')
+const rateLimit = require('../../middleware/rateLimit')
 
 const emailAuth = module.exports = Router()
 
@@ -37,7 +38,7 @@ passport.use(new LocalStrategy({
 }))
 
 if (config.allowEmailRegister) {
-  emailAuth.post('/register', urlencodedParser, function (req, res, next) {
+  emailAuth.post('/register', rateLimit.userEndpoints, urlencodedParser, function (req, res, next) {
     if (!req.body.email || !req.body.password) return errors.errorBadRequest(res)
     if (!validator.isEmail(req.body.email)) return errors.errorBadRequest(res)
     models.User.findOrCreate({
@@ -67,7 +68,7 @@ if (config.allowEmailRegister) {
   })
 }
 
-emailAuth.post('/login', urlencodedParser, function (req, res, next) {
+emailAuth.post('/login', rateLimit.userEndpoints, urlencodedParser, function (req, res, next) {
   if (!req.body.email || !req.body.password) return errors.errorBadRequest(res)
   if (!validator.isEmail(req.body.email)) return errors.errorBadRequest(res)
   passport.authenticate('local', {