[release] v0.10.4-unstable4
This commit is contained in:
parent
1a41872613
commit
1ce42346bc
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "cosmos-server",
|
"name": "cosmos-server",
|
||||||
"version": "0.10.4-unstable3",
|
"version": "0.10.4-unstable4",
|
||||||
"description": "",
|
"description": "",
|
||||||
"main": "test-server.js",
|
"main": "test-server.js",
|
||||||
"bugs": {
|
"bugs": {
|
||||||
|
|
|
@ -8,6 +8,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func tokenEndpoint(rw http.ResponseWriter, req *http.Request) {
|
func tokenEndpoint(rw http.ResponseWriter, req *http.Request) {
|
||||||
|
utils.Log("Token endpoint")
|
||||||
|
|
||||||
// This context will be passed to all methods.
|
// This context will be passed to all methods.
|
||||||
ctx := req.Context()
|
ctx := req.Context()
|
||||||
|
|
||||||
|
|
|
@ -159,7 +159,6 @@ func SecureAPI(userRouter *mux.Router, public bool) {
|
||||||
},
|
},
|
||||||
))
|
))
|
||||||
userRouter.Use(utils.MiddlewareTimeout(45 * time.Second))
|
userRouter.Use(utils.MiddlewareTimeout(45 * time.Second))
|
||||||
userRouter.Use(utils.BlockPostWithoutReferer)
|
|
||||||
userRouter.Use(proxy.BotDetectionMiddleware)
|
userRouter.Use(proxy.BotDetectionMiddleware)
|
||||||
userRouter.Use(httprate.Limit(120, 1*time.Minute,
|
userRouter.Use(httprate.Limit(120, 1*time.Minute,
|
||||||
httprate.WithKeyFuncs(httprate.KeyByIP),
|
httprate.WithKeyFuncs(httprate.KeyByIP),
|
||||||
|
|
|
@ -177,6 +177,7 @@ func BlockPostWithoutReferer(next http.Handler) http.Handler {
|
||||||
if r.Method == "POST" || r.Method == "PUT" || r.Method == "PATCH" || r.Method == "DELETE" {
|
if r.Method == "POST" || r.Method == "PUT" || r.Method == "PATCH" || r.Method == "DELETE" {
|
||||||
referer := r.Header.Get("Referer")
|
referer := r.Header.Get("Referer")
|
||||||
if referer == "" {
|
if referer == "" {
|
||||||
|
utils.Error("Blocked POST request without Referer header", nil)
|
||||||
http.Error(w, "Bad Request: Invalid request.", http.StatusBadRequest)
|
http.Error(w, "Bad Request: Invalid request.", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue