back round 0 view raw

createAccount stricter limits and more #3

merged
opened by baileytownsend.dev targeting main from feature/CreateAccountStricterRateLimits
  • added rate limiter on the com.atproto.servce.createAccount end point so you can set stricter limits
  • having a /pds/pds.env is no longer a hard requirment
  • fix a bug on com.atproto.server.getSession not returning on oauth logins
  • bit more logging on errors
options
unified split
Changed files
+13 -8
Cargo.lock
Cargo.toml
README.md
examples
Caddyfile
src
middleware.rs
+2 -3
Cargo.toml 
···

       
19

       
19

       
 

       
hex = "0.4"


     

       
20

       
20

       
 

       
jwt-compact = { version = "0.8.0", features = ["es256k"] }


     

       
21

       
21

       
 

       
scrypt = "0.11"


     

       
22

       

       
-

       
#lettre = { version = "0.11.18", default-features = false, features = ["pool", "tokio1-rustls", "smtp-transport", "hostname", "builder"] }


     

       
23

       

       
-

       
#lettre = { version = "0.11", default-features = false, features = ["builder", "webpki-roots", "rustls", "aws-lc-rs", "smtp-transport", "tokio1", "tokio1-rustls"] }


     

       

       
22

       
+

       
#Leaveing these two cause I think it is needed by the


     

       
24

       
23

       
 

       
aws-lc-rs = "1.13.0"


     

       
25

       

       
-

       
lettre = { version = "0.11", default-features = false, features = ["builder", "webpki-roots", "rustls", "aws-lc-rs", "smtp-transport", "tokio1", "tokio1-rustls"] }


     

       
26

       
24

       
 

       
rustls = { version = "0.23", default-features = false, features = ["tls12", "std", "logging", "aws_lc_rs"] }


     

       

       
25

       
+

       
lettre = { version = "0.11", default-features = false, features = ["builder", "webpki-roots", "rustls", "aws-lc-rs", "smtp-transport", "tokio1", "tokio1-rustls"] }


     

       
27

       
26

       
 

       
handlebars = { version = "6.3.2", features = ["rust-embed"] }


     

       
28

       
27

       
 

       
rust-embed = "8.7.2"


     

       
29

       
28

       
 

       
axum-template = { version = "3.0.0", features = ["handlebars"] }
+3 -3
Cargo.lock 
···

       
656

       
656

       
 

       
checksum = "778e2ac28f6c47af28e4907f13ffd1e1ddbd400980a9abd7c8df189bf578a5ad"


     

       
657

       
657

       
 

       
dependencies = [


     

       
658

       
658

       
 

       
 "libc",


     

       
659

       

       
-

       
 "windows-sys 0.52.0",


     

       

       
659

       
+

       
 "windows-sys 0.59.0",


     

       
660

       
660

       
 

       
]


     

       
661

       
661

       
 

       



     

       
662

       
662

       
 

       
[[package]]


     
···

       
1392

       
1392

       
 

       
checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667"


     

       
1393

       
1393

       
 

       
dependencies = [


     

       
1394

       
1394

       
 

       
 "cfg-if",


     

       
1395

       

       
-

       
 "windows-targets 0.48.5",


     

       

       
1395

       
+

       
 "windows-targets 0.52.6",


     

       
1396

       
1396

       
 

       
]


     

       
1397

       
1397

       
 

       



     

       
1398

       
1398

       
 

       
[[package]]


     
···

       
2136

       
2136

       
 

       
 "errno",


     

       
2137

       
2137

       
 

       
 "libc",


     

       
2138

       
2138

       
 

       
 "linux-raw-sys",


     

       
2139

       

       
-

       
 "windows-sys 0.52.0",


     

       

       
2139

       
+

       
 "windows-sys 0.59.0",


     

       
2140

       
2140

       
 

       
]


     

       
2141

       
2141

       
 

       



     

       
2142

       
2142

       
 

       
[[package]]
+1
examples/Caddyfile 
···

       
14

       
14

       
 

       
                path /xrpc/com.atproto.server.getSession


     

       
15

       
15

       
 

       
                path /xrpc/com.atproto.server.updateEmail


     

       
16

       
16

       
 

       
                path /xrpc/com.atproto.server.createSession


     

       

       
17

       
+

       
                path /xrpc/com.atproto.server.createAccount


     

       
17

       
18

       
 

       
                path /@atproto/oauth-provider/~api/sign-in


     

       
18

       
19

       
 

       
        }


     

       
19

       
20
-2
src/middleware.rs 
···

       
1

       
1

       
 

       
use crate::helpers::json_error_response;


     

       
2

       
2

       
 

       
use axum::extract::Request;


     

       
3

       

       
-

       
use axum::http::header::AUTHORIZATION;


     

       
4

       
3

       
 

       
use axum::http::{HeaderMap, StatusCode};


     

       
5

       
4

       
 

       
use axum::middleware::Next;


     

       
6

       
5

       
 

       
use axum::response::IntoResponse;


     
···

       
73

       
72

       
 

       
                                .expect("Error creating an error response");


     

       
74

       
73

       
 

       
                            }


     

       
75

       
74

       
 

       
                            let token = token.expect("Already checked for error,");


     

       
76

       

       
-

       
                            // Not going to worry about expiration since it still goes to the PDS


     

       
77

       
75

       
 

       
                            req.extensions_mut()


     

       
78

       
76

       
 

       
                                .insert(Did(Some(token.claims().custom.sub.clone())));


     

       
79

       
77

       
 

       
                        }
+7
README.md 
···

       
113

       
113

       
 

       
`GATEKEEPER_HOST` - Host for pds gatekeeper. Defaults to `127.0.0.1`


     

       
114

       
114

       
 

       



     

       
115

       
115

       
 

       
`GATEKEEPER_PORT` - Port for pds gatekeeper. Defaults to `8080`


     

       

       
116

       
+

       



     

       

       
117

       
+

       
`GATEKEEPER_CREATE_ACCOUNT_PER_SECOND` - Sets how often it takes a count off the limiter. example if you hit the rate


     

       

       
118

       
+

       
limit of 5 and set to 60, then in 60 seconds you will be able to make one more. Or in 5 minutes be able to make 5 more.


     

       

       
119

       
+

       



     

       

       
120

       
+

       
`GATEKEEPER_CREATE_ACCOUNT_BURST` - Sets how many requests can be made in a burst. In the prior example this is where


     

       

       
121

       
+

       
the 5 comes from. Example can set this to 10 to allow for 10 requests in a burst, and after 60 seconds it will drop one


     

       

       
122

       
+

       
off.