fix: rate limits for oidc too extreme

2026-05-04 00:20:45 +00:00 · 2026-02-19 19:00:01 -05:00
parent 7493573c61
commit 1be3eca335
2 changed files with 10 additions and 6 deletions
@@ -17,10 +17,10 @@
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
 import express from 'express';
-const router = express.Router();
-import config from '../../config.js';
 import jwt from 'jsonwebtoken';
+import config from '../../config.js';
 import { get_user, subdomain } from '../../helpers.js';
+const router = express.Router();

 const REVALIDATION_COOKIE_NAME = 'puter_revalidation';
 const REVALIDATION_EXPIRY_SEC = 300; // 5 minutes
@@ -89,7 +89,7 @@ router.get('/auth/oidc/:provider/start', async (req, res) => {
        return res.status(404).end();
    }
    const svc_edgeRateLimit = req.services.get('edge-rate-limit');
-    if ( ! svc_edgeRateLimit.check('login') ) {
+    if ( ! svc_edgeRateLimit.check('oidc-general') ) {
        return res.status(429).send('Too many requests.');
    }
    const provider = req.params.provider;
@@ -128,7 +128,7 @@ router.get('/auth/oidc/callback/login', async (req, res) => {
        return res.status(404).end();
    }
    const svc_edgeRateLimit = req.services.get('edge-rate-limit');
-    if ( ! svc_edgeRateLimit.check('login') ) {
+    if ( ! svc_edgeRateLimit.check('oidc-general') ) {
        return res.status(429).send('Too many requests.');
    }
    const svc_oidc = req.services.get('oidc');
@@ -161,7 +161,7 @@ router.get('/auth/oidc/callback/signup', async (req, res) => {
        return res.status(404).end();
    }
    const svc_edgeRateLimit = req.services.get('edge-rate-limit');
-    if ( ! svc_edgeRateLimit.check('login') ) {
+    if ( ! svc_edgeRateLimit.check('oidc-general') ) {
        return res.status(429).send('Too many requests.');
    }
    const svc_oidc = req.services.get('oidc');
@@ -196,7 +196,7 @@ router.get('/auth/oidc/callback/revalidate', async (req, res) => {
        return res.status(404).end();
    }
    const svc_edgeRateLimit = req.services.get('edge-rate-limit');
-    if ( ! svc_edgeRateLimit.check('login') ) {
+    if ( ! svc_edgeRateLimit.check('oidc-general') ) {
        return res.status(429).send('Too many requests.');
    }
    const svc_oidc = req.services.get('oidc');
@@ -44,6 +44,10 @@ class EdgeRateLimitService extends BaseService {
    */
    _construct () {
        this.scopes = {
+            'oidc-general': {
+                limit: 100,
+                window: 15 * MINUTE,
+            },
            'login': {
                limit: 10,
                window: 15 * MINUTE,