Throttle password reset requests to one per account per 24 hours.
コミット
572cae3094
20
handlers.go
20
handlers.go
|
@ -26,6 +26,18 @@ func passwordResetRequestPostHandler(w http.ResponseWriter, r *http.Request) {
|
|||
if "" == mailuser {
|
||||
return
|
||||
}
|
||||
now := int(time.Now().Unix())
|
||||
tokens, errWait := getFromFileEntryFor(pwResetWaitPath, name, 2)
|
||||
if errWait == nil {
|
||||
lastTime, err := strconv.Atoi(tokens[0])
|
||||
if err != nil {
|
||||
log.Fatal("Trouble parsing password reset "+
|
||||
"wait times", err)
|
||||
}
|
||||
if lastTime+resetWaitTime >= now {
|
||||
return
|
||||
}
|
||||
}
|
||||
var target string
|
||||
tokens, err := getFromFileEntryFor(loginsPath, name, 5)
|
||||
if err != nil {
|
||||
|
@ -39,7 +51,7 @@ func passwordResetRequestPostHandler(w http.ResponseWriter, r *http.Request) {
|
|||
log.Fatal("Random string generation failed", err)
|
||||
}
|
||||
urlPart := base64.URLEncoding.EncodeToString(b)
|
||||
strTime := strconv.Itoa(int(time.Now().Unix()))
|
||||
strTime := strconv.Itoa(now)
|
||||
appendToFile(pwResetPath, urlPart+"\t"+name+"\t"+strTime)
|
||||
m := gomail.NewMessage()
|
||||
m.SetHeader("From", mailuser)
|
||||
|
@ -50,6 +62,12 @@ func passwordResetRequestPostHandler(w http.ResponseWriter, r *http.Request) {
|
|||
if err := dialer.DialAndSend(m); err != nil {
|
||||
log.Fatal("Can't send mail", err)
|
||||
}
|
||||
line := name + "\t" + strTime
|
||||
if nil == errWait {
|
||||
replaceLineStartingWith(pwResetWaitPath, name, line)
|
||||
} else {
|
||||
appendToFile(pwResetWaitPath, line)
|
||||
}
|
||||
}
|
||||
go preparePasswordReset(r.FormValue("name"))
|
||||
http.Redirect(w, r, "/", 302)
|
||||
|
|
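Review bot: The throttle check added in the first hunk (`getFromFileEntryFor(pwResetWaitPath, name, 2)` followed by `if lastTime+resetWaitTime >= now`) and the write of the new timestamp after `dialer.DialAndSend(m)` in the third hunk are not atomic, and this code appears to run once per request via `go preparePasswordReset(r.FormValue("name"))`. Simultaneous requests for the same account can therefore all pass the check before any of them records a wait time, so the one-per-24-hours limit does not hold under concurrency. Serialising the check-and-record step with a package-level `sync.Mutex`, and writing the wait entry before the mail is sent rather than after, would close that window. Separately, the added `log.Fatal("Trouble parsing password reset "+"wait times", err)` ends the whole server process when one line of the wait file fails `strconv.Atoi`; logging with `log.Println` and returning would keep a single malformed entry from becoming an outage. The enclosing function starts and ends outside the visible hunks, so how `name` is validated before it is written into the tab-separated wait file should be confirmed there.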
4
io.go
4
io.go
|
@ -13,6 +13,7 @@ const loginsFile = "logins.txt"
|
|||
const feedsDir = "feeds"
|
||||
const ipDelaysFile = "ip_delays.txt"
|
||||
const pwResetFile = "password_reset.txt"
|
||||
const pwResetWaitFile = "password_reset_wait.txt"
|
||||
|
||||
var certPath string
|
||||
var dataDir string
|
||||
|
@ -21,6 +22,7 @@ var ipDelaysPath string
|
|||
var keyPath string
|
||||
var loginsPath string
|
||||
var pwResetPath string
|
||||
var pwResetWaitPath string
|
||||
var templPath string
|
||||
|
||||
func createFileIfNotExists(path string) {
|
||||
|
@ -148,6 +150,7 @@ func initFilesAndDirs() {
|
|||
feedsPath = dataDir + "/" + feedsDir
|
||||
ipDelaysPath = dataDir + "/" + ipDelaysFile
|
||||
pwResetPath = dataDir + "/" + pwResetFile
|
||||
pwResetWaitPath = dataDir + "/" + pwResetWaitFile
|
||||
if "" != keyPath {
|
||||
log.Println("Using TLS.")
|
||||
if _, err := os.Stat(certPath); err != nil {
|
||||
|
@ -159,6 +162,7 @@ func initFilesAndDirs() {
|
|||
}
|
||||
createFileIfNotExists(loginsPath)
|
||||
createFileIfNotExists(pwResetPath)
|
||||
createFileIfNotExists(pwResetWaitPath)
|
||||
createFileIfNotExists(ipDelaysPath)
|
||||
// TODO: Handle err here.
|
||||
_ = os.Mkdir(feedsPath, 0700)
|
||||
|
|