Merge branch 'main' into fix/dashreorder-dragdrop-stutter

fnschmidt · Aug 15, 2024 · 2aacc2c · 2aacc2c
2 parents c8192b4 + 7d64c42
commit 2aacc2c
Showing 1 changed file with 19 additions and 5 deletions.
diff --git a/src/routes/+page.server.ts b/src/routes/+page.server.ts
@@ -8,11 +8,16 @@ export const actions: Actions = {
 		const username = form.get('username');
 		const password = form.get('password');
 
+		// forward client IP (passed by reverse proxy) to API for rate limiting
+		// never stored, only a hashed form is kept in memory for up to 2 mins since last login
+		const x_fwd_for = request.headers.get('x-forwarded-for');
+
 		try {
 			const response = await fetch(`${env.CD_API_URL}/signin`, {
 				method: 'POST',
 				headers: {
-					'Content-Type': 'application/json'
+					'Content-Type': 'application/json',
+					...(x_fwd_for ? { 'X-Forwarded-For': x_fwd_for } : {})
 				},
 				body: JSON.stringify({
 					username: username,
@@ -22,10 +27,19 @@ export const actions: Actions = {
 
 			if (!response.ok) {
 				let message;
-				if (response.status === 429) {
-					message = 'Zu viele Anfragen';
-				} else {
-					message = 'Nutzer/Passwort ungültig';
+				switch (response.status) {
+					case 429:
+						message = 'Zu viele Anfragen';
+						break;
+					case 401:
+						message = 'Nutzer/Passwort ungültig';
+						break;
+					case 500:
+						message = `Interner Fehler (500): ${await response.text()}`;
+						break;
+					default:
+						message = `Unbekannter Fehler (${response.status}): (${await response.text()})`;
+						break;
 				}
 
 				return fail(401, {