From 22e58c9c0ec9598f2f2ad9eff0701d454e1c67f3 Mon Sep 17 00:00:00 2001
From: Roland Osborne
Date: Sat, 10 Sep 2022 02:20:32 -0700
Subject: [PATCH] throttle requests on failed token
---
 net/server/internal/api_addAccount.go | 2 ++
 net/server/internal/api_getAccountUsername.go | 3 +--
 net/server/internal/api_setAccountAccess.go | 2 ++
 net/server/internal/appValues.go | 4 ++--
 4 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/net/server/internal/api_addAccount.go b/net/server/internal/api_addAccount.go
index 8aac127c..37c5d0dd 100644
--- a/net/server/internal/api_addAccount.go
+++ b/net/server/internal/api_addAccount.go
@@ -5,6 +5,7 @@ import (
 "databag/internal/store"
 "encoding/hex"
 "errors"
+ "time"
 "gorm.io/gorm"
 "net/http"
 "os"
@@ -19,6 +20,7 @@ func AddAccount(w http.ResponseWriter, r *http.Request) {
 if r.FormValue("token") != "" {
 token, _, res = AccessToken(r)
 if res != nil || token.TokenType != APPTokenCreate {
+ time.Sleep(APPUsernameWait * time.Millisecond);
 ErrResponse(w, http.StatusUnauthorized, res)
 return
 }
diff --git a/net/server/internal/api_getAccountUsername.go b/net/server/internal/api_getAccountUsername.go
index 4afe703f..fa021f0a 100644
--- a/net/server/internal/api_getAccountUsername.go
+++ b/net/server/internal/api_getAccountUsername.go
@@ -15,11 +15,10 @@ type accountUsername struct {
 //GetAccountUsername determines if username is assignable
 func GetAccountUsername(w http.ResponseWriter, r *http.Request) {
- time.Sleep(APPUsernameWait * time.Millisecond);
-
 if r.FormValue("token") != "" {
 token, _, res := AccessToken(r)
 if res != nil || token.TokenType != APPTokenCreate {
+ time.Sleep(APPUsernameWait * time.Second);
 ErrResponse(w, http.StatusUnauthorized, res)
 return
 }
diff --git a/net/server/internal/api_setAccountAccess.go b/net/server/internal/api_setAccountAccess.go
index ad79d38a..c2962bc1 100644
--- a/net/server/internal/api_setAccountAccess.go
+++ b/net/server/internal/api_setAccountAccess.go
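Review bot: The delay added to AddAccount's failed-token branch is `time.Sleep(APPUsernameWait * time.Millisecond)`, but this commit also changes APPUsernameWait from 333 to 1 and documents it as seconds, so the branch waits 1 ms and throttles nothing in practice. The same line is added to SetAccountAccess in api_setAccountAccess.go; only GetAccountUsername multiplies by `time.Second`. Both should read `time.Sleep(APPUsernameWait * time.Second)`, without the trailing `;` that gofmt removes. AddAccount's body continues outside the hunk.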
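Review bot: In api_getAccountUsername.go, moving the sleep from the top of GetAccountUsername into the `res != nil || token.TokenType != APPTokenCreate` branch leaves every other path of this username-availability check without a delay. That covers requests carrying a valid create token and whatever the function does when no `token` form value is sent, which is outside the hunk. If the no-token path is reachable by unauthenticated callers, username probing is no longer slowed at all. Either keep a delay on that path or add a comment above the `if` such as `// only failed tokens are delayed; the no-token path is gated by <check>` so the reduced coverage is a recorded decision.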
@@ -4,6 +4,7 @@ import (
 "databag/internal/store"
 "encoding/hex"
 "errors"
+ "time"
 "github.com/theckman/go-securerandom"
 "gorm.io/gorm"
 "net/http"
@@ -14,6 +15,7 @@ func SetAccountAccess(w http.ResponseWriter, r *http.Request) {
 token, _, res := AccessToken(r)
 if res != nil || token.TokenType != APPTokenReset {
+ time.Sleep(APPUsernameWait * time.Millisecond);
 ErrResponse(w, http.StatusUnauthorized, res)
 return
 }
diff --git a/net/server/internal/appValues.go b/net/server/internal/appValues.go
index 8ba2eb77..efb50398 100644
--- a/net/server/internal/appValues.go
+++ b/net/server/internal/appValues.go
@@ -96,8 +96,8 @@ const APPTokenReset = "reset"
 //APPNotifyBuffer config for size of channel reciving notifications
 const APPNotifyBuffer = 4096
-//APPUsernameWait milliseconds to delay response
-const APPUsernameWait = 333
+//APPUsernameWait seconds to delay response
+const APPUsernameWait = 1
 //APPTopicUnconfirmed config for status name for unconfirmed
 const APPTopicUnconfirmed = "unconfirmed"
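Review bot: The sleep in SetAccountAccess's rejection branch runs inline in the handler, so it delays each rejected request but does not bound how many reset-token attempts one client can have in flight. net/http serves each request on its own goroutine, so parallel requests wait independently, and each holds a goroutine and a connection while it sleeps. A failure counter keyed by client address or account, with backoff or lockout, would cap the attempt rate where a fixed per-request delay cannot. If the delay is only a stop-gap, a comment above it such as `// best-effort delay on failure; not a rate limit` would record that. The function's body continues outside the hunk.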
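Review bot: In appValues.go the unit of APPUsernameWait is carried only by its comment, and the call sites in this commit already disagree on it, with two handlers multiplying by `time.Millisecond` and one by `time.Second`. Declaring it as a duration, `const APPUsernameWait = time.Second`, and calling `time.Sleep(APPUsernameWait)` would rule out that mismatch; appValues.go would then need to import `time`. The name also no longer matches its use, since the value now delays failed token checks rather than username lookups.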