1 file changed +9 -3 lines changed
@@ -77,13 +77,19 @@ class Attack
7777 end
7878
7979 # Throttle registration — 10/hour per IP to allow shared NAT (office, household)
80+ # Uses X-Forwarded-For when present (Next.js proxy repassa o IP real do cliente)
8081 throttle ( 'register/ip' , limit : 10 , period : 1 . hour ) do |req |
81- req . ip if req . path == '/api/v1/auth/register' && req . post?
82+ next unless req . path == '/api/v1/auth/register' && req . post?
83+
84+ req . env [ 'HTTP_X_FORWARDED_FOR' ] &.split ( ',' ) &.first &.strip || req . ip
8285 end
8386
84- # Throttle player self-registration (ArenaBR) — 5/hour, mais restrito que staff
87+ # Throttle player self-registration (ArenaBR) — 5/hour por IP real do cliente
88+ # Uses X-Forwarded-For when present (Next.js proxy repassa o IP real do cliente)
8589 throttle ( 'player-register/ip' , limit : 5 , period : 1 . hour ) do |req |
86- req . ip if req . path == '/api/v1/auth/player-register' && req . post?
90+ next unless req . path == '/api/v1/auth/player-register' && req . post?
91+
92+ req . env [ 'HTTP_X_FORWARDED_FOR' ] &.split ( ',' ) &.first &.strip || req . ip
8793 end
8894
8995 # Throttle player login — mesma política que login de staff
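Review bot: The throttle key on new lines 84 and 92 is the leftmost `X-Forwarded-For` entry, which is whatever the client put there. Proxies conventionally append the address they saw on the right, so unless the Next.js proxy overwrites the header (not visible in this hunk), a caller can vary that value per request and never accumulate toward the 10/hour or 5/hour limit; the same applies if the API can be reached without passing through the proxy. Derive the key only from hops you trust: keep `req.ip` and register the proxy's address as a trusted proxy (Rack's `ip` already reads `X-Forwarded-For` from the right and skips trusted addresses), or, if this is a Rails stack, use `req.env['action_dispatch.remote_ip']&.to_s || req.ip`. The same expression is repeated in both blocks, so a small shared helper would keep the two throttles from drifting apart, and the comment should state which component is trusted to set the header.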