From 0ca7b828b383b6125a32131da8f6a4df709a2bde Mon Sep 17 00:00:00 2001
From: Bryan Stitt
Date: Tue, 23 Aug 2022 18:51:42 +0000
Subject: [PATCH] check ip rate limit on user post
---
 web3_proxy/src/frontend/users.rs | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/web3_proxy/src/frontend/users.rs b/web3_proxy/src/frontend/users.rs
index f76a3772..56ee3b1b 100644
--- a/web3_proxy/src/frontend/users.rs
+++ b/web3_proxy/src/frontend/users.rs
@@ -158,7 +158,7 @@ pub async fn post_login(
 todo!("proper error message: {}", e)
 }
- if new_user {
+ let response = if new_user {
 // the only thing we need from them is an address
 // everything else is optional
 let user = user::ActiveModel {
@@ -195,7 +195,11 @@ pub async fn post_login(
 */
 } else {
 todo!("load existing user from the database");
- }
+ };
+
+ // TODO: create a new auth bearer token and save it in redis with a long (7 or 30 day?) expiry.
+
+ // TODO: return the response
 }
 /// the JSON input to the `post_user` handler
@@ -210,17 +214,20 @@ pub struct PostUser {
 #[debug_handler]
 /// post to the user endpoint to modify your account
 pub async fn post_user(
- Json(payload): Json,
- Extension(app): Extension>,
 AuthBearer(auth_token): AuthBearer,
+ ClientIp(ip): ClientIp,
+ Extension(app): Extension>,
+ Json(payload): Json,
 ) -> FrontendResult {
- todo!("finish post_user");
+ let _ip: IpAddr = rate_limit_by_ip(&app, ip).await?;
- // TODO: check the auth_token is valid for the user in PostUser
+ // TODO: check the auth_token is valid for the user in PostUser (in a helper function)
 // let user = user::ActiveModel {
 // address: sea_orm::Set(payload.address.to_fixed_bytes().into()),
 // email: sea_orm::Set(payload.email),
 // ..Default::default()
 // };
+
+ todo!("finish post_user");
 }
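Review bot: `response` is bound in the first post_login hunk (`let response = if new_user {`) but nothing in the second hunk returns it: after `};` the body holds only two TODO comments before the closing brace, so the function now evaluates to `()`. post_login's signature is outside both hunks, so this is inferred, but if it declares a non-unit return type the build breaks; ending the body with `response` below the TODOs would keep the old tail-expression behaviour. For the planned bearer token, the TODO could also record the storage requirements, for example `// TODO: generate the token from a CSPRNG, store only its hash in redis, delete it on logout`.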
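Review bot: The rate limit added to post_user is keyed on whatever address `ClientIp` yields, and the hunk does not show where that address comes from. If the extractor reads forwarding headers such as `X-Forwarded-For` (the axum-client-ip extractor of that name does; the import is not visible here), the limit only holds when the service sits behind a reverse proxy that overwrites those headers, because a directly connected client controls them. A comment above the call would record that assumption: `// ClientIp trusts forwarding headers; only sound behind a proxy that overwrites them`. Separately, `auth_token` is extracted but never checked before the handler reaches `todo!("finish post_user")`, which panics after a rate-limit slot has already been spent; returning an error until the token check exists would be cleaner than a panic.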