vrr/pangolin
2
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-05-05 23:42:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

introduce strict rate limitso on auth router endpoints

Browse source
This commit is contained in:
miloschwartz 2025-07-14 18:00:41 -07:00
parent d6fdb38c22
commit b7df0b122d
No known key found for this signature in database
6 changed files with 236 additions and 99 deletions
Download patch file Download diff file Expand all files Collapse all files

16
server/routers/auth/verifyTotp.ts
View file

@ -75,6 +75,14 @@ export async function verifyTotp(
)
);
user = res;
const validPassword = await verifyPassword(
password,
user.passwordHash!
);
if (!validPassword) {
return next(unauthorized());
}
}
if (!user) {
@ -91,14 +99,6 @@ export async function verifyTotp(
);
}
const validPassword = await verifyPassword(
password,
user.passwordHash!
);
if (!validPassword) {
return next(unauthorized());
}
if (user.type !== UserType.Internal) {
return next(
createHttpError(