From b13e9dcf8d46fc0576ae4864c7459284b8056d7f Mon Sep 17 00:00:00 2001
From: Urko
Date: Sun, 9 Jul 2023 21:58:26 +0200
Subject: [PATCH] feat: add request limiter
---
 internal/api/server.go | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/internal/api/server.go b/internal/api/server.go
index 28c4960..f8a47b2 100644
--- a/internal/api/server.go
+++ b/internal/api/server.go
@@ -1,14 +1,15 @@
 package api
 import (
- "fmt"
 "log"
+ "time"
 "gitea.urkob.com/urko/prosody-password/internal/api/handler"
 "gitea.urkob.com/urko/prosody-password/internal/services/fail2ban"
 "gitea.urkob.com/urko/prosody-password/internal/services/prosody"
 "github.com/gofiber/fiber/v2"
 "github.com/gofiber/fiber/v2/middleware/cors"
+ "github.com/gofiber/fiber/v2/middleware/limiter"
 "github.com/gofiber/template/handlebars/v2"
 )
@@ -34,7 +35,12 @@ func (s *RestServer) Start(apiPort, views string) error {
 Views: engine,
 })
- // Or extend your config for customization
+ s.app.Use(limiter.New(limiter.Config{
+ Max: 5,
+ Expiration: 1 * time.Hour,
+ LimiterMiddleware: limiter.SlidingWindow{},
+ }))
+
 s.app.Use(cors.New(cors.Config{
 AllowMethods: "POST,OPTIONS",
 AllowOrigins: "*",
@@ -46,13 +52,6 @@ func (s *RestServer) Start(apiPort, views string) error {
 prosodyHdl := handler.NewProsodyHandler(s.prosodyService, s.fail2banSrv)
 s.app.Post("/changePassword", func(c *fiber.Ctx) error {
- log.Println("c.IPs()", c.IPs())
- log.Println("c.IP", c.IP())
- for _, ip := range c.IPs() {
- if !s.fail2banSrv.CanChangePassword(ip) {
- return handler.RenderError(c, fmt.Errorf("id is empty"), "Too many tries, blocked for 1h")
- }
- }
 return prosodyHdl.Post(c)
 })
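Review bot: The limiter added in the second hunk is installed with `s.app.Use` ahead of the CORS middleware and sets no `KeyGenerator`, so it falls back to fiber's default key of `c.IP()`, and every route, `OPTIONS` preflights included, draws on the same budget of 5 requests per hour. If the service runs behind a reverse proxy (the removed logging of `c.IPs()` in the third hunk suggests it may), all clients can collapse into one key unless `ProxyHeader` and trusted-proxy checking are configured in `fiber.Config`, and a few requests from anyone would then lock out password changes for everyone. Consider attaching the limiter to the route only, `s.app.Post("/changePassword", limiter.New(limiter.Config{...}), func(c *fiber.Ctx) error {`, with an explicit `KeyGenerator` based on an address the proxy is trusted to supply. Because the third hunk also removes the `CanChangePassword` check from this route, the limiter is the only throttle visible in `Start` (the handler may still consult `fail2banSrv`, which is not shown); it counts all requests rather than failed attempts, and its default in-memory store is reset on restart. The body of `Start` begins and ends outside these hunks.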