feat: mandatory auto-generated passwords for share links + admin password copy/regeneration + password gate rate limiting

Pontoporeia
2026-05-12 13:50:13 +02:00
parent 8bb0b3a1f2
commit 9152b120e8
15 changed files with 294 additions and 68 deletions


@@ -189,6 +189,18 @@ function requirePasswordGate(array $link, string $slug): void
{
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['share_password'])) {
error_log('[partage/password-gate] ENTRY | slug=' . $slug . ' | post_keys=' . implode(',', array_keys($_POST)));
// ── Rate limiting: 10 attempts per IP per slug per 5 minutes ──────
require_once APP_ROOT . '/src/RateLimit.php';
$gateRateLimitId = 'share_gate_' . $slug . '_' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown');
$gateRateLimit = new RateLimit(10, 300, STORAGE_ROOT . '/cache/rate_limit');
if (!$gateRateLimit->checkKey($gateRateLimitId)) {
error_log('[ShareLink] Rate limit hit for password gate slug=' . $slug);
$_SESSION['_flash_error'] = 'Trop de tentatives. Veuillez réessayer dans quelques minutes.';
header('Location: /partage/' . $slug);
exit;
}
require_once APP_ROOT . '/src/ShareLink.php';
$shareLinkModel = new ShareLink(Database::getInstance());
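Review bot: The limiter key built on the `$gateRateLimitId` line depends only on `$slug` and `REMOTE_ADDR`, so the budget of 10 attempts per 300 seconds is per client address rather than per link. Guesses spread over many addresses are never capped for a slug, and if the app runs behind a reverse proxy every visitor shares one bucket (as do all requests that fall back to `'unknown'`), so one client can lock the others out. Consider a second, looser per-slug counter next to the per-IP one, e.g. `$slugLimit = new RateLimit(50, 300, STORAGE_ROOT . '/cache/rate_limit');` checked with `$slugLimit->checkKey('share_gate_slug_' . hash('sha256', $slug))`, where 50 is a constructed value to tune. RateLimit.php is not visible here: if it derives a file name under `cache/rate_limit` from the key, hashing the key this way also keeps raw slug characters out of the path, and it is worth confirming that `checkKey()` records the attempt itself, since nothing else in the visible lines increments a counter. requirePasswordGate continues past the end of this hunk.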