mirror/fosrl.pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-07-25 21:25:06 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

introduce strict rate limitso on auth router endpoints

Browse source
This commit is contained in:
miloschwartz 2025-07-14 18:00:41 -07:00
parent d6fdb38c22
commit b7df0b122d
No known key found for this signature in database
6 changed files with 236 additions and 99 deletions
Download patch file Download diff file Expand all files Collapse all files

20
server/apiServer.ts
View file

@ -6,13 +6,15 @@ import logger from "@server/logger";
import {
errorHandlerMiddleware,
notFoundMiddleware,
rateLimitMiddleware
} from "@server/middlewares";
import { authenticated, unauthenticated } from "@server/routers/external";
import { router as wsRouter, handleWSUpgrade } from "@server/routers/ws";
import { logIncomingMiddleware } from "./middlewares/logIncoming";
import { csrfProtectionMiddleware } from "./middlewares/csrfProtection";
import helmet from "helmet";
import rateLimit from "express-rate-limit";
import createHttpError from "http-errors";
import HttpCode from "./types/HttpCode";
const dev = config.isDev;
const externalPort = config.getRawConfig().server.external_port;
@ -56,11 +58,19 @@ export function createApiServer() {
if (!dev) {
apiServer.use(
rateLimitMiddleware({
windowMin:
config.getRawConfig().rate_limits.global.window_minutes,
rateLimit({
windowMs:
config.getRawConfig().rate_limits.global.window_minutes *
60 *
1000,
max: config.getRawConfig().rate_limits.global.max_requests,
type: "IP_AND_PATH"
keyGenerator: (req) => `apiServerGlobal:${req.ip}:${req.path}`,
handler: (req, res, next) => {
const message = `Rate limit exceeded. You can make ${config.getRawConfig().rate_limits.global.max_requests} requests every ${config.getRawConfig().rate_limits.global.window_minutes} minute(s).`;
return next(
createHttpError(HttpCode.TOO_MANY_REQUESTS, message)
);
}
})
);
}