Commit cb5b941a authored by Sietse Ringers's avatar Sietse Ringers

feat: prevent large HTTP POST body and slow trickle requests DOS vectors in...

feat: prevent large HTTP POST body and slow trickle requests DoS vectors in keyshareserver and myirmaserver
parent 1bcb7bd9
...@@ -115,20 +115,25 @@ func (s *Server) Handler() http.Handler { ...@@ -115,20 +115,25 @@ func (s *Server) Handler() http.Handler {
router.Use(server.LogMiddleware("keyshareserver", opts)) router.Use(server.LogMiddleware("keyshareserver", opts))
} }
// Registration
router.Post("/client/register", s.handleRegister)
// Pin logic
router.Post("/users/verify/pin", s.handleVerifyPin)
router.Post("/users/change/pin", s.handleChangePin)
// Keyshare sessions
router.Group(func(router chi.Router) { router.Group(func(router chi.Router) {
router.Use(s.userMiddleware) router.Use(server.SizeLimitMiddleware)
router.Use(s.authorizationMiddleware) router.Use(server.TimeoutMiddleware(nil, server.WriteTimeout))
router.Post("/users/isAuthorized", s.handleValidate)
router.Post("/prove/getCommitments", s.handleCommitments) // Registration
router.Post("/prove/getResponse", s.handleResponse) router.Post("/client/register", s.handleRegister)
// Pin logic
router.Post("/users/verify/pin", s.handleVerifyPin)
router.Post("/users/change/pin", s.handleChangePin)
// Keyshare sessions
router.Group(func(router chi.Router) {
router.Use(s.userMiddleware)
router.Use(s.authorizationMiddleware)
router.Post("/users/isAuthorized", s.handleValidate)
router.Post("/prove/getCommitments", s.handleCommitments)
router.Post("/prove/getResponse", s.handleResponse)
})
}) })
// IRMA server for issuing myirma credential during registration // IRMA server for issuing myirma credential during registration
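Review bot: The new body-size and timeout limits apply only inside the added `router.Group`, so the IRMA server mounted right after it (the `// IRMA server for issuing myirma credential during registration` context line that closes this hunk) still receives request bodies that are neither bounded nor timed, and the same gap exists at the `// IRMA session server` mount that closes the myirmaserver `Handler` hunk below. Unless that mounted server enforces its own limits, registering `router.Use(server.SizeLimitMiddleware)` and the `TimeoutMiddleware` call at the top of `Handler`, next to the existing `LogMiddleware`/CORS registrations, would cover every route uniformly instead of only the ones listed in the group. A comment on the group would also tell a later reader why these routes are wrapped, e.g. `// Bound request body size and duration on all app routes (DoS mitigation)`. The body of `Handler` starts and ends outside this hunk.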
...@@ -87,30 +87,35 @@ func (s *Server) Handler() http.Handler { ...@@ -87,30 +87,35 @@ func (s *Server) Handler() http.Handler {
router.Use(cors.New(corsOptions).Handler) router.Use(cors.New(corsOptions).Handler)
// Login/logout router.Group(func(router chi.Router) {
router.Post("/login/irma", s.handleIrmaLogin) router.Use(server.SizeLimitMiddleware)
router.Post("/login/email", s.handleEmailLogin) router.Use(server.TimeoutMiddleware(nil, server.WriteTimeout))
router.Post("/login/token/candidates", s.handleGetCandidates)
router.Post("/login/token", s.handleTokenLogin)
router.Post("/logout", s.handleLogout)
// Email verification // Login/logout
router.Post("/verify", s.handleVerifyEmail) router.Post("/login/irma", s.handleIrmaLogin)
router.Post("/login/email", s.handleEmailLogin)
router.Post("/login/token/candidates", s.handleGetCandidates)
router.Post("/login/token", s.handleTokenLogin)
router.Post("/logout", s.handleLogout)
// Session management // Email verification
router.Post("/checksession", s.handleCheckSession) router.Post("/verify", s.handleVerifyEmail)
router.Group(func(router chi.Router) { // Session management
router.Use(s.sessionMiddleware) router.Post("/checksession", s.handleCheckSession)
// User account data router.Group(func(router chi.Router) {
router.Get("/user", s.handleUserInfo) router.Use(s.sessionMiddleware)
router.Get("/user/logs/{offset}", s.handleGetLogs)
router.Post("/user/delete", s.handleDeleteUser)
// Email address management // User account data
router.Post("/email/add", s.handleAddEmail) router.Get("/user", s.handleUserInfo)
router.Post("/email/remove", s.handleRemoveEmail) router.Get("/user/logs/{offset}", s.handleGetLogs)
router.Post("/user/delete", s.handleDeleteUser)
// Email address management
router.Post("/email/add", s.handleAddEmail)
router.Post("/email/remove", s.handleRemoveEmail)
})
}) })
// IRMA session server // IRMA session server
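Review bot: `server.TimeoutMiddleware(nil, server.WriteTimeout)` passes a bare `nil` as its first argument with nothing saying what that parameter selects, which makes the intended policy hard to verify here and in the matching keyshareserver hunk. If the middleware works by cancelling the request context after the timeout, it only stops a slow-trickle body where the handler reads under that context; the server-level `ReadTimeout`/`ReadHeaderTimeout` on the `http.Server` that serves this handler, constructed outside this hunk, is the part that actually closes a stalled connection and is worth confirming alongside this change. A one-line comment such as `// nil: <meaning of first argument>; WriteTimeout bounds the whole request` would document the choice. The body of `Handler` starts and ends outside this hunk.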