Sha256: 73061eb6be59ee1d0011cd647e734f06c05d5bb93b3aa3b58e7dab32165ee02e

Contents?: true

Size: 1005 Bytes

Versions: 26

Compression:

Stored size: 1005 Bytes

Contents

# frozen_string_literal: true

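# Rate limiting with Rack::Attack, enabled only in the production environment.
#
# Three throttles are registered:
#   * a general per-IP limit, configured through Decidim.throttling_max_requests
#     and Decidim.throttling_period;
#   * a per-email limit on POST /users/sign_in (5 requests per 60 seconds);
#   * a per-email limit on POST /users/password (5 requests per 60 seconds).
#
# The per-email limits bound guessing against a single account even when the
# requests are spread over many source addresses, which the per-IP limit alone
# does not cover.
if Rails.env.production?
  require "rack/attack"

  Rails.application.configure do |config|
    config.middleware.use Rack::Attack
  end

  # General throttle keyed on the client address reported by the request.
  # NOTE(review): behind a reverse proxy or load balancer this is only as good
  # as the forwarded-address handling of the deployment -- confirm that
  # request.ip resolves to the real client there.
  Rack::Attack.throttle(
    "requests by ip",
    limit: Decidim.throttling_max_requests,
    period: Decidim.throttling_period,
    &:ip
  )

  # Returns the throttle discriminator for a POST to `path`: the submitted
  # user[email] value, stripped and downcased, or nil when the request does not
  # match or carries no usable email. A nil discriminator means the request is
  # not counted by the throttle.
  #
  # The "user" parameter comes straight from the client, so it may be missing
  # or not a Hash at all; indexing it blindly would raise inside the middleware
  # and turn a malformed request into a server error.
  #
  # Normalising the value keeps trivially different spellings of one address
  # ("A@x.org", " a@x.org") in the same bucket.
  # NOTE(review): assumes the application looks accounts up case-insensitively
  # and ignores surrounding whitespace -- confirm against the auth configuration.
  email_discriminator = lambda do |request, path|
    next unless request.path == path && request.post?

    user_params = request.params["user"]
    next unless user_params.is_a?(Hash)

    user_params["email"].to_s.strip.downcase.presence
  end

  # Throttle login attempts for a given email to 5 requests per 60 seconds.
  # The email is the discriminator on POST /users/sign_in requests.
  Rack::Attack.throttle("limit logins per email", limit: 5, period: 60.seconds) do |request|
    email_discriminator.call(request, "/users/sign_in")
  end

  # Throttle password recovery requests for a given email to 5 requests per
  # 60 seconds. The email is the discriminator on POST /users/password requests.
  Rack::Attack.throttle("limit password recovery attempts per email", limit: 5, period: 60.seconds) do |request|
    email_discriminator.call(request, "/users/password")
  end
end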

Version data entries

26 entries across 26 versions & 1 rubygems

Version Path
decidim-core-0.21.0 config/initializers/rack_attack.rb
decidim-core-0.20.1 config/initializers/rack_attack.rb
decidim-core-0.20.0 config/initializers/rack_attack.rb
decidim-core-0.19.1 config/initializers/rack_attack.rb
decidim-core-0.18.1 config/initializers/rack_attack.rb
decidim-core-0.19.0 config/initializers/rack_attack.rb
decidim-core-0.17.2 config/initializers/rack_attack.rb
decidim-core-0.18.0 config/initializers/rack_attack.rb
decidim-core-0.17.1 config/initializers/rack_attack.rb
decidim-core-0.16.1 config/initializers/rack_attack.rb
decidim-core-0.17.0 config/initializers/rack_attack.rb
decidim-core-0.16.0 config/initializers/rack_attack.rb
decidim-core-0.15.2 config/initializers/rack_attack.rb
decidim-core-0.15.1 config/initializers/rack_attack.rb
decidim-core-0.15.0 config/initializers/rack_attack.rb
decidim-core-0.14.4 config/initializers/rack_attack.rb
decidim-core-0.14.3 config/initializers/rack_attack.rb
decidim-core-0.14.2 config/initializers/rack_attack.rb
decidim-core-0.14.1 config/initializers/rack_attack.rb
decidim-core-0.13.1 config/initializers/rack_attack.rb