From 12701942c67a5207151ed995aacfaea0a419ba2b Mon Sep 17 00:00:00 2001
From: Cristian
Date: Thu, 3 May 2018 10:35:48 -0300
Subject: [PATCH 1/3] RECAPTCHA_WINDOW and RECAPTCHA_INCORRECT_TRIGGER now can be set with env vars
---
 config.js | 6 ++++++
 services/users.js | 8 +++++---
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/config.js b/config.js
index a99e08923..7eb7f9280 100644
--- a/config.js
+++ b/config.js
@@ -212,6 +212,12 @@ const CONFIG = {
 RECAPTCHA_PUBLIC: process.env.TALK_RECAPTCHA_PUBLIC,
 RECAPTCHA_SECRET: process.env.TALK_RECAPTCHA_SECRET,
 
+ // RECAPTCHA_WINDOW is the rate limit's time interval
+ RECAPTCHA_WINDOW: process.env.RECAPTCHA_WINDOW || '10m',
+
+ // After RECAPTCHA_INCORRECT_TRIGGER incorrect attempts, recaptcha will be required.
+ RECAPTCHA_INCORRECT_TRIGGER: process.env.RECAPTCHA_INCORRECT_TRIGGER || 5,
+
 // WEBSOCKET_LIVE_URI is the absolute url to the live endpoint.
 WEBSOCKET_LIVE_URI: process.env.TALK_WEBSOCKET_LIVE_URI || null,
 
diff --git a/services/users.js b/services/users.js
index e53df4119..1e84c8ff1 100644
--- a/services/users.js
+++ b/services/users.js
@@ -18,12 +18,14 @@ const {
 ErrCannotIgnoreStaff,
 } = require('../errors');
 const { difference, sample, some, merge, random } = require('lodash');
-const { ROOT_URL } = require('../config');
+const {
+ ROOT_URL,
+ RECAPTCHA_WINDOW,
+ RECAPTCHA_INCORRECT_TRIGGER,
+} = require('../config');
 const { jwt: JWT_SECRET } = require('../secrets');
 const debug = require('debug')('talk:services:users');
 const User = require('../models/user');
-const RECAPTCHA_WINDOW = '10m'; // 10 minutes.
-const RECAPTCHA_INCORRECT_TRIGGER = 5; // after 5 incorrect attempts, recaptcha will be required.
 const Actions = require('./actions');
 const mailer = require('./mailer');
 const i18n = require('./i18n');
From 8b35f2300a184254758c79f86debc85348275038 Mon Sep 17 00:00:00 2001
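Review bot: `RECAPTCHA_INCORRECT_TRIGGER: process.env.RECAPTCHA_INCORRECT_TRIGGER || 5` in the config.js hunk gives a string when the variable is set and the number `5` when it is not, and neither it nor `RECAPTCHA_WINDOW` is validated at load. How services/users.js uses the two values is outside these hunks, but if the trigger is compared numerically, a non-numeric value would presumably never match and the reCAPTCHA requirement on failed logins would stop being enforced without any error. I would parse it once, `RECAPTCHA_INCORRECT_TRIGGER: Number.parseInt(process.env.RECAPTCHA_INCORRECT_TRIGGER || '5', 10),`, and refuse to start unless the result is a positive integer and the window string is a duration the rate limiter accepts. The renamed lines in the config.js hunk of PATCH 2/3 have the same gap; the `CONFIG` object starts and ends outside both hunks.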
From: Cristian
Date: Thu, 3 May 2018 13:06:47 -0300
Subject: [PATCH 2/3] Added TALK_ prefix to constants RECAPTCHA_WINDOW and RECAPTCHA_INCORRECT_TRIGGER
---
 config.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/config.js b/config.js
index 7eb7f9280..6a1f999a7 100644
--- a/config.js
+++ b/config.js
@@ -213,10 +213,11 @@ const CONFIG = {
 RECAPTCHA_SECRET: process.env.TALK_RECAPTCHA_SECRET,
 
 // RECAPTCHA_WINDOW is the rate limit's time interval
- RECAPTCHA_WINDOW: process.env.RECAPTCHA_WINDOW || '10m',
+ RECAPTCHA_WINDOW: process.env.TALK_RECAPTCHA_WINDOW || '10m',
 
 // After RECAPTCHA_INCORRECT_TRIGGER incorrect attempts, recaptcha will be required.
- RECAPTCHA_INCORRECT_TRIGGER: process.env.RECAPTCHA_INCORRECT_TRIGGER || 5,
+ RECAPTCHA_INCORRECT_TRIGGER:
+ process.env.TALK_RECAPTCHA_INCORRECT_TRIGGER || 5,
 
 // WEBSOCKET_LIVE_URI is the absolute url to the live endpoint.
 WEBSOCKET_LIVE_URI: process.env.TALK_WEBSOCKET_LIVE_URI || null,
From 0e20ddb2fde76907314eca3aafde9968d5481160 Mon Sep 17 00:00:00 2001
From: Wyatt Johnson
Date: Thu, 3 May 2018 10:40:06 -0600
Subject: [PATCH 3/3] added docs
---
 docs/source/02-02-advanced-configuration.md | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/docs/source/02-02-advanced-configuration.md b/docs/source/02-02-advanced-configuration.md
index b2ad29ad0..5b638401d 100644
--- a/docs/source/02-02-advanced-configuration.md
+++ b/docs/source/02-02-advanced-configuration.md
@@ -316,6 +316,18 @@ default to providing only a time based lockout. Refer to [reCAPTCHA](https://www.google.com/recaptcha/intro/index.html) for information on getting an account setup. +## TALK_RECAPTCHA_WINDOW + +The rate limit time interval that there can be [TALK_RECAPTCHA_INCORRECT_TRIGGER](#talk_recaptcha_incorrect_trigger) incorrect attempts until the reCAPTCHA is +marked as required, parsed by +[ms](https://www.npmjs.com/package/ms). (Default `10m`) + +## TALK_RECAPTCHA_INCORRECT_TRIGGER + +The number of times that an incorrect login can be entered before within a time +perioud indicated by [TALK_RECAPTCHA_WINDOW](#talk_recaptcha_window) until the +reCAPTCHA is marked as required. (Default `5`) + ## TALK_REDIS_CLIENT_CONFIGURATION Configuration overrides for the redis client configuration in a JSON encoded @@ -531,4 +543,4 @@ Sets the logging level for the context logger (from [Bunyan](https://github.com/ A JSON string representing the configuration passed to the [fetch](https://www.npmjs.com/package/node-fetch) call for the scraper. It can be used to set an authorization header, or change the user agent. (Default -`{}`) \ No newline at end of file +`{}`)