Commit 47e8c67d1d6fce78bbe713eb030c24ecebc81081
1 parent
0461760f
Exists in
master
and in
4 other branches
Include API session route under rack protection
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Showing
1 changed file
with
3 additions
and
1 deletions
Show diff stats
config/initializers/rack_attack.rb.example
| @@ -5,11 +5,13 @@ | @@ -5,11 +5,13 @@ | ||
| 5 | paths_to_be_protected = [ | 5 | paths_to_be_protected = [ |
| 6 | "#{Rails.application.config.relative_url_root}/users/password", | 6 | "#{Rails.application.config.relative_url_root}/users/password", |
| 7 | "#{Rails.application.config.relative_url_root}/users/sign_in", | 7 | "#{Rails.application.config.relative_url_root}/users/sign_in", |
| 8 | + "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json", | ||
| 9 | + "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session", | ||
| 8 | "#{Rails.application.config.relative_url_root}/users" | 10 | "#{Rails.application.config.relative_url_root}/users" |
| 9 | ] | 11 | ] |
| 10 | 12 | ||
| 11 | unless Rails.env.test? | 13 | unless Rails.env.test? |
| 12 | - Rack::Attack.throttle('protected paths', limit: 6, period: 60.seconds) do |req| | 14 | + Rack::Attack.throttle('protected paths', limit: 10, period: 60.seconds) do |req| |
| 13 | req.ip if paths_to_be_protected.include?(req.path) && req.post? | 15 | req.ip if paths_to_be_protected.include?(req.path) && req.post? |
| 14 | end | 16 | end |
| 15 | end | 17 | end |