Commit cb5b941a authored by Sietse Ringers's avatar Sietse Ringers

feat: prevent large HTTP POST body and slow trickle requests DOS vectors in...

feat: prevent large HTTP POST body and slow trickle requests DOS vectors in keyshareserver and myirmaserver
parent 1bcb7bd9
......@@ -115,20 +115,25 @@ func (s *Server) Handler() http.Handler {
router.Use(server.LogMiddleware("keyshareserver", opts))
}
// Registration
router.Post("/client/register", s.handleRegister)
// Pin logic
router.Post("/users/verify/pin", s.handleVerifyPin)
router.Post("/users/change/pin", s.handleChangePin)
// Keyshare sessions
router.Group(func(router chi.Router) {
router.Use(s.userMiddleware)
router.Use(s.authorizationMiddleware)
router.Post("/users/isAuthorized", s.handleValidate)
router.Post("/prove/getCommitments", s.handleCommitments)
router.Post("/prove/getResponse", s.handleResponse)
router.Use(server.SizeLimitMiddleware)
router.Use(server.TimeoutMiddleware(nil, server.WriteTimeout))
// Registration
router.Post("/client/register", s.handleRegister)
// Pin logic
router.Post("/users/verify/pin", s.handleVerifyPin)
router.Post("/users/change/pin", s.handleChangePin)
// Keyshare sessions
router.Group(func(router chi.Router) {
router.Use(s.userMiddleware)
router.Use(s.authorizationMiddleware)
router.Post("/users/isAuthorized", s.handleValidate)
router.Post("/prove/getCommitments", s.handleCommitments)
router.Post("/prove/getResponse", s.handleResponse)
})
})
// IRMA server for issuing myirma credential during registration
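Review bot: The two middlewares added at the top of the new group (`router.Use(server.SizeLimitMiddleware)` and `router.Use(server.TimeoutMiddleware(nil, server.WriteTimeout))`) only run once chi has a fully parsed request, so they cannot bound a client that trickles the request line or headers; that half of the slow-request vector is closed by `ReadHeaderTimeout`/`ReadTimeout` on the `http.Server` that serves this handler, which is outside this hunk and worth confirming. A short comment above the first `router.Use` would save the next reader that lookup, e.g. `// Bound request body size and handler time for every keyshare route; slow header reads are the http.Server's timeouts to catch.` The `nil` passed to `TimeoutMiddleware` is opaque at the call site; naming what it stands for, such as `TimeoutMiddleware(nil /* no per-route overrides */, server.WriteTimeout)`, would help, assuming that is its meaning. Note that the line opening the new outer group does not appear in this rendering, and the enclosing `Handler` function begins before the hunk.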
......@@ -87,30 +87,35 @@ func (s *Server) Handler() http.Handler {
router.Use(cors.New(corsOptions).Handler)
// Login/logout
router.Post("/login/irma", s.handleIrmaLogin)
router.Post("/login/email", s.handleEmailLogin)
router.Post("/login/token/candidates", s.handleGetCandidates)
router.Post("/login/token", s.handleTokenLogin)
router.Post("/logout", s.handleLogout)
router.Group(func(router chi.Router) {
router.Use(server.SizeLimitMiddleware)
router.Use(server.TimeoutMiddleware(nil, server.WriteTimeout))
// Email verification
router.Post("/verify", s.handleVerifyEmail)
// Login/logout
router.Post("/login/irma", s.handleIrmaLogin)
router.Post("/login/email", s.handleEmailLogin)
router.Post("/login/token/candidates", s.handleGetCandidates)
router.Post("/login/token", s.handleTokenLogin)
router.Post("/logout", s.handleLogout)
// Session management
router.Post("/checksession", s.handleCheckSession)
// Email verification
router.Post("/verify", s.handleVerifyEmail)
router.Group(func(router chi.Router) {
router.Use(s.sessionMiddleware)
// Session management
router.Post("/checksession", s.handleCheckSession)
// User account data
router.Get("/user", s.handleUserInfo)
router.Get("/user/logs/{offset}", s.handleGetLogs)
router.Post("/user/delete", s.handleDeleteUser)
router.Group(func(router chi.Router) {
router.Use(s.sessionMiddleware)
// Email address management
router.Post("/email/add", s.handleAddEmail)
router.Post("/email/remove", s.handleRemoveEmail)
// User account data
router.Get("/user", s.handleUserInfo)
router.Get("/user/logs/{offset}", s.handleGetLogs)
router.Post("/user/delete", s.handleDeleteUser)
// Email address management
router.Post("/email/add", s.handleAddEmail)
router.Post("/email/remove", s.handleRemoveEmail)
})
})
// IRMA session server