cracking down on potential spam abuse
@@ -36,10 +36,6 @@ export default (router, tpl) => {
|
||||
return res.reply({ body: tpl.render("login", { error: msg, theme: req.theme }) });
|
||||
};
|
||||
|
||||
if (!username || !password || password.length < 20) {
|
||||
return fail("Invalid username or password.");
|
||||
}
|
||||
|
||||
if (await security.isRateLimited(ip, null, 'login')) {
|
||||
const msg = "Too many attempts.";
|
||||
if (req.headers['x-requested-with'] === 'XMLHttpRequest' || (req.headers.accept && req.headers.accept.includes('application/json'))) {
|
||||
@@ -48,6 +44,10 @@ export default (router, tpl) => {
|
||||
return res.reply({ code: 429, body: msg });
|
||||
}
|
||||
|
||||
if (!username || !password || password.length < 20) {
|
||||
return fail("Invalid username or password.");
|
||||
}
|
||||
|
||||
const user = await db`
|
||||
select id, password, activated, banned, ban_reason, ban_expires, force_password_change
|
||||
from "user"
|
||||
|
||||
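Review bot: In the second hunk the validation branch `if (!username || !password || password.length < 20)` now runs after `security.isRateLimited(ip, null, 'login')`, but nothing visible records an attempt before `return fail(...)`. Whether malformed submissions are actually throttled therefore depends on `isRateLimited` counting each call itself, which is worth confirming, since a check-only limiter would leave this path uncounted. The limiter is also keyed on `ip` with `null` as the second argument; if `ip` is derived from a forwarded header, it should be taken only from a trusted proxy, which is not visible here. I would add a comment above the moved block so the order is not reverted later: `// Keep after the rate-limit check so malformed login attempts are throttled as well.` The handler begins and ends outside both hunks.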