Commit cb5b941a authored by Sietse Ringers's avatar Sietse Ringers

feat: prevent large HTTP POST body and slow trickle requests DOS vectors in...

feat: prevent large HTTP POST body and slow trickle requests DOS vectors in keyshareserver and myirmaserver
parent 1bcb7bd9
......@@ -115,6 +115,10 @@ func (s *Server) Handler() http.Handler {
router.Use(server.LogMiddleware("keyshareserver", opts))
}
router.Group(func(router chi.Router) {
router.Use(server.SizeLimitMiddleware)
router.Use(server.TimeoutMiddleware(nil, server.WriteTimeout))
// Registration
router.Post("/client/register", s.handleRegister)
......@@ -130,6 +134,7 @@ func (s *Server) Handler() http.Handler {
router.Post("/prove/getCommitments", s.handleCommitments)
router.Post("/prove/getResponse", s.handleResponse)
})
})
// IRMA server for issuing myirma credential during registration
router.Mount("/irma/", s.sessionserver.HandlerFunc())
......
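Review bot: The `router.Mount("/irma/", s.sessionserver.HandlerFunc())` line sits after the new `router.Group`, so `server.SizeLimitMiddleware` and `server.TimeoutMiddleware` do not wrap requests routed to the session server at this layer. Unless the session server's own handler already bounds body size and request duration (not visible in this commit), the endpoints under `/irma/` stay open to the large-body and slow-trickle cases the commit title targets. Either register the two middlewares on the outer router before the mount, or, once confirmed, add a comment above the mount such as `// body size and timeout limits are enforced inside sessionserver.HandlerFunc()`. The same layout appears in the second `Handler` section of this commit. `Handler`'s body starts and ends outside the hunks shown.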
......@@ -87,6 +87,10 @@ func (s *Server) Handler() http.Handler {
router.Use(cors.New(corsOptions).Handler)
router.Group(func(router chi.Router) {
router.Use(server.SizeLimitMiddleware)
router.Use(server.TimeoutMiddleware(nil, server.WriteTimeout))
// Login/logout
router.Post("/login/irma", s.handleIrmaLogin)
router.Post("/login/email", s.handleEmailLogin)
......@@ -112,6 +116,7 @@ func (s *Server) Handler() http.Handler {
router.Post("/email/add", s.handleAddEmail)
router.Post("/email/remove", s.handleRemoveEmail)
})
})
// IRMA session server
router.Mount("/irma/", s.sessionserver.HandlerFunc())
......
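Review bot: The `nil` first argument in `router.Use(server.TimeoutMiddleware(nil, server.WriteTimeout))` is opaque at the call site, and the line would benefit from a short comment saying what `nil` selects, for example `// nil: <meaning of the first parameter when unset>`. A middleware-level timeout presumably starts only once the request has reached the router, so slow delivery of request headers still has to be bounded by the `http.Server` fields `ReadHeaderTimeout` and `ReadTimeout`; their configuration is not visible in this commit and is worth confirming alongside it. The same call appears in the first `Handler` section. `Handler`'s body starts and ends outside the hunks shown.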