tabshift/pocketbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updated otp manual rate limiter

Browse Source
This commit is contained in:
Gani Georgiev
2024-11-09 12:24:46 +02:00
parent 9cb6adab4d
commit 339399b0a4
2 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apis/record_auth_with_otp.go
View File

@@ -52,7 +52,7 @@ func recordAuthWithOTP(e *core.RequestEvent) error {
}
// since otps are usually simple digit numbers we enforce an extra rate limit rule to prevent enumerations
err = checkRateLimit(e, "@pb_otp_"+event.OTP.Id+event.Record.Id, core.RateLimitRule{MaxRequests: 4, Duration: 180})
err = checkRateLimit(e, "@pb_otp_"+event.Record.Id, core.RateLimitRule{MaxRequests: 5, Duration: 180})
if err != nil {
return e.TooManyRequestsError("Too many attempts, please try again later with a new OTP.", nil)
}