From 26431b2982e2cc72ad9aec7e7102efe8d4dad3d8 Mon Sep 17 00:00:00 2001
From: xwashere <xwashere0@protonmail.com>
Date: Thu, 26 Oct 2023 10:24:05 -0400
Subject: [PATCH] fix: oh god oh fuck oh god oh no oh

---
 backend/ratelimit.ts     | 17 +++++++++++------
 backend/routers/api.ts   | 11 ++++++++---
 backend/routers/index.ts |  2 +-
 3 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/backend/ratelimit.ts b/backend/ratelimit.ts
index 0706ade..7e6a31d 100644
--- a/backend/ratelimit.ts
+++ b/backend/ratelimit.ts
@@ -7,12 +7,7 @@ import { rateLimit } from 'express-rate-limit';
  */
 const rateLimiterGroups = new Map<string, (req: Request, res: Response, next: NextFunction) => void>();
 
-/**
- * creates middleware for rate limiting
- */
-export const rateLimiterMiddleware = (group: string, config: EndpointRateLimitConfiguration | undefined): (req: Request, res: Response, next: NextFunction) => void => {
-    if (rateLimiterGroups.has(group)) return rateLimiterGroups.get(group)!;
-
+export const setRateLimiter = (group: string, config: EndpointRateLimitConfiguration | undefined): (req: Request, res: Response, next: NextFunction) => void => {
     if (config == null) { // config might be null if the user doesnt want a rate limit
         rateLimiterGroups.set(group, (req, res, next) => {
             next();
@@ -38,4 +33,14 @@ export const rateLimiterMiddleware = (group: string, config: EndpointRateLimitCo
 
         return rateLimiterGroups.get(group)!;
     }
+}
+/**
+ * creates middleware for rate limiting
+ */
+export const rateLimiterMiddleware = (group: string, config: EndpointRateLimitConfiguration | undefined): (req: Request, res: Response, next: NextFunction) => void => {
+    if (rateLimiterGroups.has(group)) setRateLimiter(group, config);
+
+    return (req, res, next) => {
+        return rateLimiterGroups.get(group)!(req, res, next);
+    };
 };
\ No newline at end of file
diff --git a/backend/routers/api.ts b/backend/routers/api.ts
index c43cfd2..c0d1ca5 100644
--- a/backend/routers/api.ts
+++ b/backend/routers/api.ts
@@ -7,7 +7,7 @@ import * as data from '../data';
 import { log } from '../log';
 import { nanoid } from '../generators';
 import { UserConfig } from '../UserConfig';
-import { rateLimiterMiddleware } from '../ratelimit';
+import { rateLimiterMiddleware, setRateLimiter } from '../ratelimit';
 import { DBManager } from '../sql/database';
 
 const router = Router({ caseSensitive: true });
@@ -30,6 +30,11 @@ router.post('/setup', BodyParserJson(), async (req, res) => {
 		if (UserConfig.config.sql?.mySql != null)
 			await Promise.all([DBManager.configure(), data.setDataModeToSql()]);
 
+		// set rate limits
+		if (UserConfig.config.rateLimit?.api)    setRateLimiter('api',    UserConfig.config.rateLimit.api);
+		if (UserConfig.config.rateLimit?.login)  setRateLimiter('login',  UserConfig.config.rateLimit.login);
+		if (UserConfig.config.rateLimit?.upload) setRateLimiter('upload', UserConfig.config.rateLimit.upload);
+
 		log.success('Setup', 'completed');
 
 		return res.json({ success: true });
@@ -39,7 +44,7 @@ router.post('/setup', BodyParserJson(), async (req, res) => {
 });
 
 // User login
-router.post('/login', rateLimiterMiddleware('login', UserConfig.config.rateLimit?.login), BodyParserJson(), (req, res) => {
+router.post('/login', rateLimiterMiddleware('login', UserConfig.config?.rateLimit?.login), BodyParserJson(), (req, res) => {
 	const { username, password } = req.body;
 
 	data.getAll('users')
@@ -69,7 +74,7 @@ router.post('/login', rateLimiterMiddleware('login', UserConfig.config.rateLimit
 });
 
 // todo: authenticate API endpoints
-router.post('/user', rateLimiterMiddleware('api', UserConfig.config.rateLimit?.api), BodyParserJson(), async (req, res) => {
+router.post('/user', rateLimiterMiddleware('api', UserConfig.config?.rateLimit?.api), BodyParserJson(), async (req, res) => {
 	if (!UserConfig.ready)
 		return res.status(409).json({ success: false, message: 'User config not ready' });
 
diff --git a/backend/routers/index.ts b/backend/routers/index.ts
index e49df5e..eed8d13 100644
--- a/backend/routers/index.ts
+++ b/backend/routers/index.ts
@@ -30,7 +30,7 @@ bb.extend(router, {
 router.get('/', (req, res) => UserConfig.ready ? res.render('index', { version: App.pkgVersion }) : res.redirect('/setup'));
 
 // Upload flow
-router.post('/', rateLimiterMiddleware("upload", UserConfig.config.rateLimit?.upload), async (req, res) => {
+router.post('/', rateLimiterMiddleware("upload", UserConfig.config?.rateLimit?.upload), async (req, res) => {
 
 	// Check user config
 	if (!UserConfig.ready) return res.status(500).type('text').send('Configuration missing!');