New rate limiter
[akkoma] / lib / pleroma / web / mongooseim / mongoose_im_controller.ex
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.MongooseIM.MongooseIMController do
6 use Pleroma.Web, :controller
7
8 alias Comeonin.Pbkdf2
9 alias Pleroma.Plugs.RateLimiter
10 alias Pleroma.Repo
11 alias Pleroma.User
12
13 plug(RateLimiter, [name: :authentication] when action in [:user_exists, :check_password])
14 plug(RateLimiter, [name: :authentication, params: ["user"]] when action == :check_password)
15
16 def user_exists(conn, %{"user" => username}) do
17 with %User{} <- Repo.get_by(User, nickname: username, local: true) do
18 conn
19 |> json(true)
20 else
21 _ ->
22 conn
23 |> put_status(:not_found)
24 |> json(false)
25 end
26 end
27
28 def check_password(conn, %{"user" => username, "pass" => password}) do
29 with %User{password_hash: password_hash} <-
30 Repo.get_by(User, nickname: username, local: true),
31 true <- Pbkdf2.checkpw(password, password_hash) do
32 conn
33 |> json(true)
34 else
35 false ->
36 conn
37 |> put_status(:forbidden)
38 |> json(false)
39
40 _ ->
41 conn
42 |> put_status(:not_found)
43 |> json(false)
44 end
45 end
46 end