Add DDoS protection (#308)

* Add and configure rack-attack gem * Limit number of tenant registrations with same email address * Limit requests to tenants#create by IP
2025-12-15 19:27:52 +01:00 · 2024-03-14 22:43:37 +01:00
parent e34e3f1aba
commit 336adb9bfd
4 changed files with 83 additions and 0 deletions
--- a/app/controllers/tenants_controller.rb
+++ b/app/controllers/tenants_controller.rb
@@ -29,6 +29,10 @@ class TenantsController < ApplicationController
        @tenant.status = "active" # no need to verify email address if logged in with oauth
      end

+      # Check how many times this email registered a tenant
+      already_registered_tenants = User.unscoped.where(email: params[:user][:email], role: User.roles[:owner]).count
+      raise "Too many tenants registered by email" unless already_registered_tenants < 3
+
      @tenant.save!
      Current.tenant = @tenant