rate limit things

cloudworxx · Aug 15, 2023 · f8d7c52 · f8d7c52
1 parent 88b3005
commit f8d7c52
Show file tree

Hide file tree

Showing 11 changed files with 90 additions and 9 deletions.
diff --git a/app/Http/Livewire/ForcePasswordReset.php b/app/Http/Livewire/ForcePasswordReset.php
@@ -3,10 +3,12 @@
 namespace App\Http\Livewire;
 
 use Illuminate\Support\Facades\Hash;
+use DanHarrin\LivewireRateLimiting\WithRateLimiting;
 use Livewire\Component;
 
 class ForcePasswordReset extends Component
 {
+    use WithRateLimiting;
     public string $email;
     public string $password;
     public string $password_confirmation;
@@ -21,6 +23,7 @@ public function mount() {
     }
     public function submit() {
         try {
+            $this->rateLimit(10);
             $this->validate();
             auth()->user()->forceFill([
                 'password' => Hash::make($this->password),

diff --git a/app/Http/Livewire/Waitlist.php b/app/Http/Livewire/Waitlist.php
@@ -3,6 +3,7 @@
 namespace App\Http\Livewire;
 
 use App\Jobs\SendConfirmationForWaitlistJob;
+use App\Models\User;
 use App\Models\Waitlist as ModelsWaitlist;
 use Livewire\Component;
 
@@ -24,6 +25,11 @@ public function submit()
     {
         $this->validate();
         try {
+            $already_registered = User::whereEmail($this->email)->first();
+            if ($already_registered) {
+                $this->emit('success', 'You are already registered (Thank you 💜).');
+                return;
+            }
             $found = ModelsWaitlist::where('email', $this->email)->first();
             ray($found);
             if ($found) {

diff --git a/app/Providers/FortifyServiceProvider.php b/app/Providers/FortifyServiceProvider.php
@@ -98,6 +98,14 @@ public function boot(): void
             return view('auth.two-factor-challenge');
         });
 
+        RateLimiter::for('force-password-reset', function (Request $request) {
+            return Limit::perMinute(15)->by($request->user()->id);
+        });
+
+        RateLimiter::for('forgot-password', function (Request $request) {
+            return Limit::perMinute(5)->by($request->ip());
+        });
+
         RateLimiter::for('login', function (Request $request) {
             $email = (string)$request->email;
 

diff --git a/bootstrap/helpers/shared.php b/bootstrap/helpers/shared.php
@@ -8,6 +8,7 @@
 use Nubs\RandomNameGenerator\All;
 use Poliander\Cron\CronExpression;
 use Visus\Cuid2\Cuid2;
+use DanHarrin\LivewireRateLimiting\Exceptions\TooManyRequestsException;
 
 function application_configuration_dir(): string
 {
@@ -46,7 +47,9 @@ function general_error_handler(Throwable|null $err = null, $that = null, $isJson
             } else {
                 throw new Exception($customErrorMessage ?? $err->errorInfo[2]);
             }
-        } else {
+        } elseif($err instanceof TooManyRequestsException){
+            throw new Exception($customErrorMessage ?? "Too many requests. Please try again in {$err->secondsUntilAvailable} seconds.");
+        }else {
             throw new Exception($customErrorMessage ?? $err->getMessage());
         }
     } catch (Throwable $error) {

diff --git a/composer.json b/composer.json
@@ -9,6 +9,7 @@
     "license": "MIT",
     "require": {
         "php": "^8.2",
+        "danharrin/livewire-rate-limiting": "^1.1",
         "doctrine/dbal": "^3.6",
         "guzzlehttp/guzzle": "^7.5.0",
         "laravel/fortify": "^v1.16.0",

diff --git a/composer.lock b/composer.lock
diff --git a/config/fortify.php b/config/fortify.php
@@ -105,6 +105,7 @@
     'limiters' => [
         'login' => 'login',
         'two-factor' => 'two-factor',
+        'forgot-password' => 'forgot-password',
     ],
 
     /*

diff --git a/resources/views/auth/login.blade.php b/resources/views/auth/login.blade.php
@@ -3,7 +3,6 @@
         <div class="w-96 min-w-fit">
             <div class="flex flex-col items-center pb-8">
                 <div class="text-5xl font-extrabold tracking-tight text-center text-white">Coolify</div>
-                <x-version />
             </div>
             <div class="flex items-center gap-2">
                 <h1>{{ __('auth.login') }}</h1>

diff --git a/resources/views/livewire/force-password-reset.blade.php b/resources/views/livewire/force-password-reset.blade.php
@@ -9,9 +9,9 @@
             <h2>Set your initial password</h2>
         </div>
         <form class="flex flex-col gap-2" wire:submit.prevent='submit'>
-            <x-forms.input id="email" type="email" placeholder="Email" readonly />
-            <x-forms.input id="password" type="password" placeholder="New Password" />
-            <x-forms.input id="password_confirmation" type="password" placeholder="Confirm New Password" />
+            <x-forms.input id="email" type="email" placeholder="Email" readonly label="Email" />
+            <x-forms.input id="password" type="password" placeholder="New Password" label="New Password" required />
+            <x-forms.input id="password_confirmation" type="password" placeholder="Confirm New Password" label="Confirm New Password" required  />
             <x-forms.button type="submit">Reset Password</x-forms.button>
         </form>
     </div>

diff --git a/resources/views/livewire/waitlist.blade.php b/resources/views/livewire/waitlist.blade.php
@@ -1,7 +1,12 @@
 <div class="min-h-screen hero">
     <div class="w-96 min-w-fit">
+        <div class="flex flex-col items-center pb-8">
+            <a href="{{ route('dashboard') }}">
+                <div class="text-5xl font-bold tracking-tight text-center text-white">Coolify</div>
+            </a>
+        </div>
         <div class="flex items-center justify-center pb-4 text-center">
-            <h2>Start self-hosting in the
+            <h2>Self-hosting in the cloud
                 <svg class="inline-block w-8 h-8 text-warning width="512" height="512" viewBox="0 0 20 20"
                     xmlns="http://www.w3.org/2000/svg">
                     <g fill="currentColor" fill-rule="evenodd" clip-rule="evenodd">
@@ -18,6 +23,6 @@
             <x-forms.input id="email" type="email" label="Email" placeholder="[email protected]" />
             <x-forms.button type="submit">Join Waitlist</x-forms.button>
         </form>
-        Waiting: {{$waiting_in_line}}
+        Waiting in the line: {{$waiting_in_line}}
     </div>
 </div>
diff --git a/routes/web.php b/routes/web.php
@@ -93,7 +93,9 @@
 
 Route::middleware(['auth'])->group(function () {
     Route::get('/', [Controller::class, 'dashboard'])->name('dashboard');
-    Route::get('/force-password-reset', [Controller::class, 'force_passoword_reset'])->name('auth.force-password-reset');
+    Route::middleware(['throttle:force-password-reset'])->group(function() {
+        Route::get('/force-password-reset', [Controller::class, 'force_passoword_reset'])->name('auth.force-password-reset');
+    });
     Route::get('/subscription', [Controller::class, 'subscription'])->name('subscription');
     Route::get('/settings', [Controller::class, 'settings'])->name('settings.configuration');
     Route::get('/settings/license', [Controller::class, 'license'])->name('settings.license');