Skip to content

Commit

Permalink
Email rate limits followup (bluesky-social#2133)
Browse files Browse the repository at this point in the history
email rate limits followup
  • Loading branch information
dholms authored Feb 4, 2024
1 parent dd021b8 commit aaee2d0
Show file tree
Hide file tree
Showing 4 changed files with 72 additions and 20 deletions.
13 changes: 13 additions & 0 deletions packages/pds/src/api/com/atproto/server/requestAccountDelete.ts
Original file line number Diff line number Diff line change
@@ -1,10 +1,23 @@
import { DAY, HOUR } from '@atproto/common'
import { InvalidRequestError } from '@atproto/xrpc-server'
import { Server } from '../../../../lexicon'
import AppContext from '../../../../context'
import { authPassthru } from '../../../proxy'

export default function (server: Server, ctx: AppContext) {
server.com.atproto.server.requestAccountDelete({
rateLimit: [
{
durationMs: DAY,
points: 15,
calcKey: ({ auth }) => auth.credentials.did,
},
{
durationMs: HOUR,
points: 5,
calcKey: ({ auth }) => auth.credentials.did,
},
],
auth: ctx.authVerifier.accessCheckTakedown,
handler: async ({ auth, req }) => {
const did = auth.credentials.did
Expand Down
Original file line number Diff line number Diff line change
@@ -1,10 +1,23 @@
import { DAY, HOUR } from '@atproto/common'
import { InvalidRequestError } from '@atproto/xrpc-server'
import { Server } from '../../../../lexicon'
import AppContext from '../../../../context'
import { authPassthru } from '../../../proxy'

export default function (server: Server, ctx: AppContext) {
server.com.atproto.server.requestEmailConfirmation({
rateLimit: [
{
durationMs: DAY,
points: 15,
calcKey: ({ auth }) => auth.credentials.did,
},
{
durationMs: HOUR,
points: 5,
calcKey: ({ auth }) => auth.credentials.did,
},
],
auth: ctx.authVerifier.accessCheckTakedown,
handler: async ({ auth, req }) => {
const did = auth.credentials.did
Expand Down
13 changes: 13 additions & 0 deletions packages/pds/src/api/com/atproto/server/requestEmailUpdate.ts
Original file line number Diff line number Diff line change
@@ -1,10 +1,23 @@
import { DAY, HOUR } from '@atproto/common'
import { InvalidRequestError } from '@atproto/xrpc-server'
import { Server } from '../../../../lexicon'
import AppContext from '../../../../context'
import { authPassthru, resultPassthru } from '../../../proxy'

export default function (server: Server, ctx: AppContext) {
server.com.atproto.server.requestEmailUpdate({
rateLimit: [
{
durationMs: DAY,
points: 15,
calcKey: ({ auth }) => auth.credentials.did,
},
{
durationMs: HOUR,
points: 5,
calcKey: ({ auth }) => auth.credentials.did,
},
],
auth: ctx.authVerifier.accessCheckTakedown,
handler: async ({ auth, req }) => {
const did = auth.credentials.did
Expand Down
53 changes: 33 additions & 20 deletions packages/pds/src/api/com/atproto/server/requestPasswordReset.ts
Original file line number Diff line number Diff line change
@@ -1,32 +1,45 @@
import { DAY, HOUR } from '@atproto/common'
import { InvalidRequestError } from '@atproto/xrpc-server'
import AppContext from '../../../../context'
import { Server } from '../../../../lexicon'
import { authPassthru } from '../../../proxy'

export default function (server: Server, ctx: AppContext) {
server.com.atproto.server.requestPasswordReset(async ({ input, req }) => {
const email = input.body.email.toLowerCase()
server.com.atproto.server.requestPasswordReset({
rateLimit: [
{
durationMs: DAY,
points: 50,
},
{
durationMs: HOUR,
points: 15,
},
],
handler: async ({ input, req }) => {
const email = input.body.email.toLowerCase()

const account = await ctx.accountManager.getAccountByEmail(email)
const account = await ctx.accountManager.getAccountByEmail(email)

if (!account?.email) {
if (ctx.entrywayAgent) {
await ctx.entrywayAgent.com.atproto.server.requestPasswordReset(
input.body,
authPassthru(req, true),
)
return
if (!account?.email) {
if (ctx.entrywayAgent) {
await ctx.entrywayAgent.com.atproto.server.requestPasswordReset(
input.body,
authPassthru(req, true),
)
return
}
throw new InvalidRequestError('account does not have an email address')
}
throw new InvalidRequestError('account does not have an email address')
}

const token = await ctx.accountManager.createEmailToken(
account.did,
'reset_password',
)
await ctx.mailer.sendResetPassword(
{ identifier: account.handle ?? account.email, token },
{ to: account.email },
)
const token = await ctx.accountManager.createEmailToken(
account.did,
'reset_password',
)
await ctx.mailer.sendResetPassword(
{ identifier: account.handle ?? account.email, token },
{ to: account.email },
)
},
})
}

0 comments on commit aaee2d0

Please sign in to comment.