Home Explore Help
Register Sign In
oleg
/
pixelfed
mirror of https://github.com/pixelfed/pixelfed.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Merge branch 'staging' of github.com:mbliznikova/pixelfed into staging

mbliznikova 1 year ago
parent
a8f78aa2ab eb291efe00
commit
770409c4a4
3 changed files with 32 additions and 11 deletions
Unified View Show Diff Stats
  1. 3 0
      CHANGELOG.md
  2. 24 11
      app/Http/Controllers/Api/ApiV1Dot1Controller.php
  3. 5 0
      config/pixelfed.php

+ 3 - 0
CHANGELOG.md
View File 

@@ -37,6 +37,9 @@
 
 - Update lexer regex, fix mention regex and add more tests ([778e83d3](https://github.com/pixelfed/pixelfed/commit/778e83d3))
 
 - Update lexer regex, fix mention regex and add more tests ([778e83d3](https://github.com/pixelfed/pixelfed/commit/778e83d3))
 
 - Update StatusTransformer, generate autolink on request ([dfe2379b](https://github.com/pixelfed/pixelfed/commit/dfe2379b))
 
 - Update StatusTransformer, generate autolink on request ([dfe2379b](https://github.com/pixelfed/pixelfed/commit/dfe2379b))
 
 - Update ComposeModal component, fix multi filter bug and allow media re-ordering before upload/posting ([56e315f6](https://github.com/pixelfed/pixelfed/commit/56e315f6))
 
 - Update ComposeModal component, fix multi filter bug and allow media re-ordering before upload/posting ([56e315f6](https://github.com/pixelfed/pixelfed/commit/56e315f6))
 
+- Update ApiV1Dot1Controller, allow iar rate limits to be configurable ([28a80803](https://github.com/pixelfed/pixelfed/commit/28a80803))
 
+- Update ApiV1Dot1Controller, add domain to iar redirect ([1f82d47c](https://github.com/pixelfed/pixelfed/commit/1f82d47c))
 
+- Update ApiV1Dot1Controller, add configurable app confirm rate limit ttl ([4c6a0719](https://github.com/pixelfed/pixelfed/commit/4c6a0719))
 
 -  ([](https://github.com/pixelfed/pixelfed/commit/))
 
 -  ([](https://github.com/pixelfed/pixelfed/commit/))
 
 
 
 ## [v0.11.9 (2023-08-21)](https://github.com/pixelfed/pixelfed/compare/v0.11.8...v0.11.9)
 
 ## [v0.11.9 (2023-08-21)](https://github.com/pixelfed/pixelfed/compare/v0.11.8...v0.11.9)

+ 24 - 11
app/Http/Controllers/Api/ApiV1Dot1Controller.php
View File 

@@ -11,6 +11,7 @@ use League\Fractal\Serializer\ArraySerializer;
 
 use League\Fractal\Pagination\IlluminatePaginatorAdapter;
 
 use League\Fractal\Pagination\IlluminatePaginatorAdapter;
 
 use App\AccountLog;
 
 use App\AccountLog;
 
 use App\EmailVerification;
 
 use App\EmailVerification;
 
+use App\Follower;
 
 use App\Place;
 
 use App\Place;
 
 use App\Status;
 
 use App\Status;
 
 use App\Report;
 
 use App\Report;
 
@@ -21,6 +22,8 @@ use App\UserSetting;
 
 use App\Services\AccountService;
 
 use App\Services\AccountService;
 
 use App\Services\StatusService;
 
 use App\Services\StatusService;
 
 use App\Services\ProfileStatusService;
 
 use App\Services\ProfileStatusService;
 
+use App\Services\LikeService;
 
+use App\Services\ReblogService;
 
 use App\Services\PublicTimelineService;
 
 use App\Services\PublicTimelineService;
 
 use App\Services\NetworkTimelineService;
 
 use App\Services\NetworkTimelineService;
 
 use App\Util\Lexer\RestrictedNames;
 
 use App\Util\Lexer\RestrictedNames;
 
@@ -470,7 +473,7 @@ class ApiV1Dot1Controller extends Controller
 
 			abort_if(BouncerService::checkIp($request->ip()), 404);
 
 			abort_if(BouncerService::checkIp($request->ip()), 404);
 
 		}
 
 		}
 
 
 
-		$rl = RateLimiter::attempt('pf:apiv1.1:iar:'.$request->ip(), 3, function(){}, 1800);
 
+		$rl = RateLimiter::attempt('pf:apiv1.1:iar:'.$request->ip(), config('pixelfed.app_registration_rate_limit_attempts', 3), function(){}, config('pixelfed.app_registration_rate_limit_decay', 1800));
 
 		abort_if(!$rl, 400, 'Too many requests');
 
 		abort_if(!$rl, 400, 'Too many requests');
 
 
 
 		$this->validate($request, [
 
 		$this->validate($request, [
 
@@ -543,10 +546,10 @@ class ApiV1Dot1Controller extends Controller
 
 		$user->password = Hash::make($password);
 
 		$user->password = Hash::make($password);
 
 		$user->register_source = 'app';
 
 		$user->register_source = 'app';
 
 		$user->app_register_ip = $request->ip();
 
 		$user->app_register_ip = $request->ip();
 
-		$user->app_register_token = Str::random(32);
 
+		$user->app_register_token = Str::random(40);
 
 		$user->save();
 
 		$user->save();
 
 
 
-		$rtoken = Str::random(mt_rand(64, 70));
 
+		$rtoken = Str::random(64);
 
 
 
 		$verify = new EmailVerification();
 
 		$verify = new EmailVerification();
 
 		$verify->user_id = $user->id;
 
 		$verify->user_id = $user->id;
 
@@ -555,7 +558,12 @@ class ApiV1Dot1Controller extends Controller
 
 		$verify->random_token = $rtoken;
 
 		$verify->random_token = $rtoken;
 
 		$verify->save();
 
 		$verify->save();
 
 
 
-		$appUrl = url('/api/v1.1/auth/iarer?ut=' . $user->app_register_token . '&rt=' . $rtoken);
 
+		$params = http_build_query([
 
+			'ut' => $user->app_register_token,
 
+			'rt' => $rtoken,
 
+			'ea' => base64_encode($user->email)
 
+		]);
 
+		$appUrl = url('/api/v1.1/auth/iarer?'. $params);
 
 
 
 		Mail::to($user->email)->send(new ConfirmAppEmail($verify, $appUrl));
 
 		Mail::to($user->email)->send(new ConfirmAppEmail($verify, $appUrl));
 
 
 
@@ -568,14 +576,19 @@ class ApiV1Dot1Controller extends Controller
 
 	{
 
 	{
 
 		$this->validate($request, [
 
 		$this->validate($request, [
 
 			'ut' => 'required',
 
 			'ut' => 'required',
 
-			'rt' => 'required'
 
+			'rt' => 'required',
 
+			'ea' => 'required'
 
 		]);
 
 		]);
 
-		if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
 
-			abort_if(BouncerService::checkIp($request->ip()), 404);
 
-		}
 
 		$ut = $request->input('ut');
 
 		$ut = $request->input('ut');
 
 		$rt = $request->input('rt');
 
 		$rt = $request->input('rt');
 
-		$url = 'pixelfed://confirm-account/'. $ut . '?rt=' . $rt;
 
+		$ea = $request->input('ea');
 
+		$params = http_build_query([
 
+			'ut' => $ut,
 
+			'rt' => $rt,
 
+			'domain' => config('pixelfed.domain.app'),
 
+			'ea' => $ea
 
+		]);
 
+		$url = 'pixelfed://confirm-account/'. $ut . '?' . $params;
 
 		return redirect()->away($url);
 
 		return redirect()->away($url);
 
 	}
 
 	}
 
 
 
@@ -589,8 +602,8 @@ class ApiV1Dot1Controller extends Controller
 
 			abort_if(BouncerService::checkIp($request->ip()), 404);
 
 			abort_if(BouncerService::checkIp($request->ip()), 404);
 
 		}
 
 		}
 
 
 
-		$rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.$request->ip(), 10, function(){}, 1800);
 
-		abort_if(!$rl, 400, 'Too many requests');
 
+		$rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.$request->ip(), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function(){}, config('pixelfed.app_registration_confirm_rate_limit_decay', 1800));
 
+		abort_if(!$rl, 429, 'Too many requests');
 
 
 
 		$this->validate($request, [
 
 		$this->validate($request, [
 
 			'user_token' => 'required',
 
 			'user_token' => 'required',

+ 5 - 0
config/pixelfed.php
View File 

@@ -286,4 +286,9 @@ return [
 
 	'max_altext_length' => env('PF_MEDIA_MAX_ALTTEXT_LENGTH', 1000),
 
 	'max_altext_length' => env('PF_MEDIA_MAX_ALTTEXT_LENGTH', 1000),
 
 
 
 	'allow_app_registration' => env('PF_ALLOW_APP_REGISTRATION', true),
 
 	'allow_app_registration' => env('PF_ALLOW_APP_REGISTRATION', true),
 
+
 
+    'app_registration_rate_limit_attempts' => env('PF_IAR_RL_ATTEMPTS', 3),
 
+    'app_registration_rate_limit_decay' => env('PF_IAR_RL_DECAY', 1800),
 
+    'app_registration_confirm_rate_limit_attempts' => env('PF_IARC_RL_ATTEMPTS', 20),
 
+    'app_registration_confirm_rate_limit_decay' => env('PF_IARC_RL_ATTEMPTS', 1800),
 
 ];
 
 ];