diff --git a/Dockerfile b/Dockerfile
index a0b77da..cee26ac 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,6 +13,7 @@ FROM golang:alpine
RUN apk add postgresql-client
COPY --from=nexus-server /dist /nexus/server
+COPY ./templates /templates
EXPOSE 8444
diff --git a/pkg/internal/web/server.go b/pkg/internal/web/server.go
index baece04..fc1481a 100644
--- a/pkg/internal/web/server.go
+++ b/pkg/internal/web/server.go
@@ -12,6 +12,7 @@ import (
"github.com/gofiber/fiber/v2/middleware/idempotency"
"github.com/gofiber/fiber/v2/middleware/limiter"
"github.com/rs/zerolog/log"
+ "github.com/samber/lo"
"github.com/spf13/viper"
)
@@ -51,6 +52,17 @@ func NewServer() *WebApp {
Max: viper.GetInt("rate_limit"),
Expiration: 60 * time.Second,
LimiterMiddleware: limiter.SlidingWindow{},
+ Next: func(c *fiber.Ctx) bool {
+ return lo.Contains([]string{"GET", "HEAD", "OPTIONS", "CONNECT", "TRACE"}, c.Method())
+ },
+ }))
+ app.Use(limiter.New(limiter.Config{
+ Max: viper.GetInt("rate_limit_advance"),
+ Expiration: 60 * time.Second,
+ LimiterMiddleware: limiter.SlidingWindow{},
+ Next: func(c *fiber.Ctx) bool {
+ return lo.Contains([]string{"POST", "PUT", "DELETE", "PATCH"}, c.Method())
+ },
}))
api.MapControllers(app)
diff --git a/settings.toml b/settings.toml
index ce81b77..ba9ef4e 100644
--- a/settings.toml
+++ b/settings.toml
@@ -3,6 +3,7 @@ grpc_bind = "0.0.0.0:7001"
domain = "localhost"
rate_limit = 120
+rate_limit_advance = 60
[debug]
database = false
@@ -25,3 +26,8 @@ internal_private_key = "keys/internal_private_key.pem"
[watchtower]
database_backups = "./backups"
+
+[captcha]
+provider = "turnstile"
+api_key = ""
+api_secret = ""
diff --git a/templates/captcha.tmpl b/templates/captcha.tmpl
new file mode 100644
index 0000000..dc7b940
--- /dev/null
+++ b/templates/captcha.tmpl
@@ -0,0 +1,96 @@
+
+
+
+
+
+ Cloudflare Turnstile
+
+
+
+
+
+
+
+
+