
added rate limiting to identity

This commit is contained in:
Kyle Spearrin 2017-09-28 15:01:43 -04:00
parent 1cc6fb1668
commit 0fff886357
5 changed files with 59 additions and 2 deletions


@ -18,7 +18,6 @@
<PackageReference Include="Microsoft.AspNetCore.StaticFiles" Version="1.1.2" />
<PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="1.1.2" />
<PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="1.1.2" />
<PackageReference Include="AspNetCoreRateLimit" Version="1.0.5" />
<PackageReference Include="IdentityServer4.AccessTokenValidation" Version="1.2.1" />
<PackageReference Include="System.Net.Http" Version="4.3.2" />
</ItemGroup>


@ -49,6 +49,7 @@
</ItemGroup>
<ItemGroup>
<PackageReference Include="AspNetCoreRateLimit" Version="1.0.5" />
<PackageReference Include="Braintree" Version="3.8.0" />
<PackageReference Include="CommonMark.NET" Version="0.15.1" />
<PackageReference Include="Dapper" Version="1.50.4-alpha1-00070" />


@ -8,7 +8,7 @@ using Microsoft.Extensions.Options;
using Newtonsoft.Json;
using System.Threading.Tasks;
namespace Bit.Api.Middleware
namespace Bit.Core.Utilities
{
public class CustomIpRateLimitMiddleware : IpRateLimitMiddleware
{


@ -7,6 +7,7 @@ using Microsoft.Extensions.Configuration;
using Bit.Core;
using Bit.Core.Utilities;
using Serilog.Events;
using AspNetCoreRateLimit;
namespace Bit.Identity
{
@ -30,6 +31,11 @@ namespace Bit.Identity
// Settings
var globalSettings = services.AddGlobalSettingsServices(Configuration);
if(!globalSettings.SelfHosted)
{
services.Configure<IpRateLimitOptions>(Configuration.GetSection("IpRateLimitOptions"));
services.Configure<IpRateLimitPolicies>(Configuration.GetSection("IpRateLimitPolicies"));
}
// Data Protection
services.AddCustomDataProtectionServices(Environment, globalSettings);
@ -40,6 +46,16 @@ namespace Bit.Identity
// Context
services.AddScoped<CurrentContext>();
// Caching
services.AddMemoryCache();
if(!globalSettings.SelfHosted)
{
// Rate limiting
services.AddSingleton<IIpPolicyStore, MemoryCacheIpPolicyStore>();
services.AddSingleton<IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>();
}
// IdentityServer
services.AddCustomIdentityServerServices(Environment, globalSettings);
@ -67,6 +83,11 @@ namespace Bit.Identity
return e.Level > LogEventLevel.Error;
}
if(context.Contains(typeof(IpRateLimitMiddleware).FullName) && e.Level == LogEventLevel.Information)
{
return true;
}
return e.Level >= LogEventLevel.Error;
})
.AddConsole()
@ -75,6 +96,12 @@ namespace Bit.Identity
// Default Middleware
app.UseDefaultMiddleware(env);
if(!globalSettings.SelfHosted)
{
// Rate limiting
app.UseMiddleware<CustomIpRateLimitMiddleware>();
}
// Add IdentityServer to the request pipeline.
app.UseIdentityServer();
}
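Review bot: Every rate-limiting registration is wrapped in `if(!globalSettings.SelfHosted)` (options, counter stores, and the `UseMiddleware<CustomIpRateLimitMiddleware>()` call), so on self-hosted installs `post:/connect/token` accepts an unbounded number of credential attempts per source IP and nothing in this commit compensates for that. If this is deliberate because the reverse-proxy topology of a self-hosted deployment is unknown, the first guard deserves a comment saying so, e.g. `// Rate limiting is only enabled for the hosted service; self-hosted installs sit behind an unknown proxy where the client IP cannot be trusted, so brute-force protection for /connect/token must be provided externally.` Note also that `MemoryCacheRateLimitCounterStore` keeps its counters per process, so if more than one Identity instance runs behind the load balancer the effective per-IP limit is presumably multiplied by the instance count — worth confirming against the deployment. The Serilog filter matches `typeof(IpRateLimitMiddleware).FullName`, which only surfaces the blocked-request Information events if the custom subclass logs through the base type's logger category; that subclass body is outside this hunk, so please verify.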


@ -47,5 +47,35 @@
"publicKey": "SECRET",
"privateKey": "SECRET"
}
},
"IpRateLimitOptions": {
"EnableEndpointRateLimiting": true,
"StackBlockedRequests": false,
"RealIpHeader": "CF-Connecting-IP",
"ClientIdHeader": "X-ClientId",
"HttpStatusCode": 429,
"IpWhitelist": [],
"EndpointWhitelist": [],
"ClientWhitelist": [],
"GeneralRules": [
{
"Endpoint": "*",
"Period": "1m",
"Limit": 60
},
{
"Endpoint": "*",
"Period": "1s",
"Limit": 5
},
{
"Endpoint": "post:/connect/token",
"Period": "1m",
"Limit": 10
}
]
},
"IpRateLimitPolicies": {
"IpRules": []
}
}
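Review bot: `"RealIpHeader": "CF-Connecting-IP"` makes the limiter key on a client-supplied header, which is only safe when every path to the Identity origin passes through Cloudflare; if the origin is reachable directly, a caller can set `CF-Connecting-IP` to any value and spread its `/connect/token` attempts across arbitrary buckets, or deliberately burn the quota of a victim IP. The commit adds no check that the connection's remote address is a Cloudflare edge, so either restrict origin ingress to Cloudflare's published ranges at the network layer or validate the peer address before honouring the header. The same applies to `"ClientIdHeader": "X-ClientId"` once `ClientWhitelist` is ever populated, since that header is also attacker-controlled. The `post:/connect/token` rule of 10 per minute is per source IP, so users behind a shared NAT are throttled collectively; that is probably acceptable for a credential endpoint but should be a conscious choice.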