Spacebar/docs
1
0
Fork 0
mirror of https://github.com/spacebarchat/docs.git synced 2024-11-25 03:33:05 +01:00
Code Issues Releases Activity

Prettier

Browse Source
This commit is contained in:
Madeline 2023-01-07 22:23:08 +11:00
parent 95cd64ebd2
commit c581cfd2dd
No known key found for this signature in database
GPG Key ID: 1958E017C36F2E47
5 changed files with 42 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/assets/extra.css
View File

@ -8,4 +8,4 @@
.md-grid {
max-width: 65rem;
}
}

2
docs/assets/swagger.css
View File

@ -1,3 +1,3 @@
html {
overflow-y: auto !important;
}
}

30
docs/setup/server/security/captcha.md
View File

@ -4,22 +4,22 @@ Fosscord currently supports two CAPTCHA providers; reCAPTCHA and hCaptcha.
=== "hCaptcha"
1. Navigate to [https://www.hcaptcha.com/](https://www.hcaptcha.com/)
2. Create an account - `Add hCaptcha for Publishers to my website or app`
3. Copy your `sitekey` to the [config](../configuration/index.md) `security_captcha_sitekey` value, wrapped in quotes
4. Copy your `secret` to the config `security_captcha_secret` value, wrapped in quotes
5. Set the config `security_captcha_service` value to `"hcaptcha"`
6. Set the `security_captcha_enabled` value to `true`, *not* wrapped in quotes.
1. Navigate to [https://www.hcaptcha.com/](https://www.hcaptcha.com/)
2. Create an account - `Add hCaptcha for Publishers to my website or app`
3. Copy your `sitekey` to the [config](../configuration/index.md) `security_captcha_sitekey` value, wrapped in quotes
4. Copy your `secret` to the config `security_captcha_secret` value, wrapped in quotes
5. Set the config `security_captcha_service` value to `"hcaptcha"`
6. Set the `security_captcha_enabled` value to `true`, *not* wrapped in quotes.
=== "reCAPTCHA"
1. Navigate to [https://www.google.com/u/1/recaptcha/admin/create](https://www.google.com/u/1/recaptcha/admin/create)
2. Fill in your websites details
3. Select `reCAPTCHA v2` -> `"I'm not a robot" Checkbox`
4. Add your domain. For example, `staging.fosscord.com`. Go to the next screen.
5. Copy your `sitekey` to the [config](../configuration/index.md) `security_captcha_sitekey` value, wrapped in quotes
6. Copy your `secret` to the config `security_captcha_secret` value, wrapped in quotes
7. Set the config `security_captcha_service` value to `"recaptcha"`
8. Set the `security_captcha_enabled` value to `true`, *not* wrapped in quotes.
1. Navigate to [https://www.google.com/u/1/recaptcha/admin/create](https://www.google.com/u/1/recaptcha/admin/create)
2. Fill in your websites details
3. Select `reCAPTCHA v2` -> `"I'm not a robot" Checkbox`
4. Add your domain. For example, `staging.fosscord.com`. Go to the next screen.
5. Copy your `sitekey` to the [config](../configuration/index.md) `security_captcha_sitekey` value, wrapped in quotes
6. Copy your `secret` to the config `security_captcha_secret` value, wrapped in quotes
7. Set the config `security_captcha_service` value to `"recaptcha"`
8. Set the `security_captcha_enabled` value to `true`, *not* wrapped in quotes.
reCAPTCHA v3 and other v2 types may or may not work.
reCAPTCHA v3 and other v2 types may or may not work.

28
docs/setup/server/security/limits.md
View File

@ -2,15 +2,15 @@
Fosscord has various forms of rate limiting built in. If you are logged in, you can bypass these with the `BYPASS_RATE_LIMITS` [right](rights.md)
* Absolute rate limits, which effect all requests to a route regardless of source (`limits_absoluteRate_*`)
* User or IP specific rate limits (`limits_rate_*`)
- Absolute rate limits, which effect all requests to a route regardless of source (`limits_absoluteRate_*`)
- User or IP specific rate limits (`limits_rate_*`)
## Absolute ratelimiting
There are currently two types of absolute rate limiting:
* `limits_absoluteRate_register_*` - Controls the absolute count of registrations allowed within a window. Useful for mitigating registration spam, in addition to [captchas](captcha.md)
* `limits_absoluteRate_sendMessage_*` - Controls the absolute count of messages allowed to be sent within a window.
- `limits_absoluteRate_register_*` - Controls the absolute count of registrations allowed within a window. Useful for mitigating registration spam, in addition to [captchas](captcha.md)
- `limits_absoluteRate_sendMessage_*` - Controls the absolute count of messages allowed to be sent within a window.
Absolute rate limits do not consider the source of the request, only the total number of requests instance-wide.
@ -20,14 +20,14 @@ Both of the above are individually enabled.
These rate limits are enabled with a single toggle (`limits_rate_enabled`)
* `limits_rate_ip_*` - Controls the count of requests to any endpoint from a single IP over some window.
* `limits_rate_global_*` - Number of requests to any endpoint for the same user and IP
* `limits_rate_error_*` - Number of errors allowed per window for an IP
* `limits_rate_routes_guild_*` - Guild related requests for same user and IP
* `limits_rate_routes_webhook_*` - Webhook related requests for same user and IP
* `limits_rate_routes_channel_*` - Channel related requests for same user and IP
* `limits_rate_routes_auth_login_*` - Login requests for same user and IP
* `limits_rate_routes_auth_register_*` - Register requests (successful only) for same IP
- `limits_rate_ip_*` - Controls the count of requests to any endpoint from a single IP over some window.
- `limits_rate_global_*` - Number of requests to any endpoint for the same user and IP
- `limits_rate_error_*` - Number of errors allowed per window for an IP
- `limits_rate_routes_guild_*` - Guild related requests for same user and IP
- `limits_rate_routes_webhook_*` - Webhook related requests for same user and IP
- `limits_rate_routes_channel_*` - Channel related requests for same user and IP
- `limits_rate_routes_auth_login_*` - Login requests for same user and IP
- `limits_rate_routes_auth_register_*` - Register requests (successful only) for same IP
## What do you mean by window and count?
@ -35,8 +35,10 @@ Each ratelimiter accepts a `window` and `count`. The rate limiter tracks the num
If number of requests within the last `window` seconds exceeds the `count` set, it will block the request.
For example, setting:
```
limits_rate_ip_count = 10
limits_rate_ip_window = 1
```
will prevent all requests to any API endpoints from an IP if they exceed 10 requests in 1 second.
will prevent all requests to any API endpoints from an IP if they exceed 10 requests in 1 second.

19
docs/setup/server/security/regTokens.md
View File

@ -2,18 +2,19 @@
Registration tokens are a one-time use token for allowing a new user registration to bypass various restrictions:
* Bypass `register_allowNewRegistrations = false`
* Bypass `register_disabled = true`
* Bypass [captchas](captcha.md)
* Bypass `register_allowMultipleAccounts = false`
* Bypass `register_blockProxies = true`
* Bypass `register_requireInvite = true`
* Bypass `register_guestsRequireInvite = true`
* Bypass [absolute register rate limits](limits.md)
- Bypass `register_allowNewRegistrations = false`
- Bypass `register_disabled = true`
- Bypass [captchas](captcha.md)
- Bypass `register_allowMultipleAccounts = false`
- Bypass `register_blockProxies = true`
- Bypass `register_requireInvite = true`
- Bypass `register_guestsRequireInvite = true`
- Bypass [absolute register rate limits](limits.md)
To create a registration token, send a GET request to `/auth/generate-registration-tokens/` as an account with `OPERATOR` [rights](rights.md)
To use a registration token, append `?token={your registration token}` to the register route. For example
```
https://staging.fosscord.com/register?token=some token
```
```