From e1513bf98d26b5a6a238e60aa6e097ebfa6b1e11 Mon Sep 17 00:00:00 2001
From: Hugh Rundle <hugh@hughrundle.net>
Date: Fri, 14 Oct 2022 21:53:51 +1100
Subject: [PATCH] amend nginx rate limiting urls

---
 bookwyrm/urls.py  | 4 ++--
 nginx/development | 2 +-
 nginx/production  | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/bookwyrm/urls.py b/bookwyrm/urls.py
index dbe6c8609..3838619e7 100644
--- a/bookwyrm/urls.py
+++ b/bookwyrm/urls.py
@@ -500,12 +500,12 @@ urlpatterns = [
         name="disable-2fa",
     ),
     re_path(
-        r"^login-2FA-check/?$",
+        r"^2fa-check/?$",
         views.LoginWith2FA.as_view(),
         name="login-with-2fa",
     ),
     re_path(
-        r"^login-2FA-prompt/?$",
+        r"^2fa-prompt/?$",
         views.Prompt2FA.as_view(),
         name="prompt-2fa",
     ),
diff --git a/nginx/development b/nginx/development
index fbb25c1b2..4a7896249 100644
--- a/nginx/development
+++ b/nginx/development
@@ -7,7 +7,7 @@ upstream web {
 server {
     listen 80;
 
-    location ~ ^/(login|password-reset|resend-link) {
+    location ~ ^/(login[^-]|password-reset|resend-link|2fa-check) {
         limit_req zone=loginlimit;
 
         proxy_pass http://web;
diff --git a/nginx/production b/nginx/production
index 3a3aeb7dd..b74fe409c 100644
--- a/nginx/production
+++ b/nginx/production
@@ -41,7 +41,7 @@ server {
 #         root /var/www/certbot;
 #     }
 #
-#     location ~ ^/(login|password-reset|resend-link) {
+#     location ~ ^/(login[^-]|password-reset|resend-link|2fa-check) {
 #         limit_req zone=loginlimit;
 #
 #         proxy_pass http://web;