cracking down on potential spam abuse

This commit is contained in:
2026-05-11 03:41:46 +02:00
parent 4bfb4fbb66
commit d7b87af138

View File

@@ -36,10 +36,6 @@ export default (router, tpl) => {
return res.reply({ body: tpl.render("login", { error: msg, theme: req.theme }) });
};
if (!username || !password || password.length < 20) {
return fail("Invalid username or password.");
}
if (await security.isRateLimited(ip, null, 'login')) {
const msg = "Too many attempts.";
if (req.headers['x-requested-with'] === 'XMLHttpRequest' || (req.headers.accept && req.headers.accept.includes('application/json'))) {
@@ -48,6 +44,10 @@ export default (router, tpl) => {
return res.reply({ code: 429, body: msg });
}
if (!username || !password || password.length < 20) {
return fail("Invalid username or password.");
}
const user = await db`
select id, password, activated, banned, ban_reason, ban_expires, force_password_change
from "user"