fix: oh god oh fuck oh god oh no oh

backend/ratelimit.ts

@@ -7,12 +7,7 @@ import { rateLimit } from 'express-rate-limit';
  */
 const rateLimiterGroups = new Map<string, (req: Request, res: Response, next: NextFunction) => void>();
 
-/**
- * creates middleware for rate limiting
- */
-export const rateLimiterMiddleware = (group: string, config: EndpointRateLimitConfiguration | undefined): (req: Request, res: Response, next: NextFunction) => void => {
-    if (rateLimiterGroups.has(group)) return rateLimiterGroups.get(group)!;
-
+export const setRateLimiter = (group: string, config: EndpointRateLimitConfiguration | undefined): (req: Request, res: Response, next: NextFunction) => void => {
     if (config == null) { // config might be null if the user doesnt want a rate limit
         rateLimiterGroups.set(group, (req, res, next) => {
             next();
@@ -38,4 +33,14 @@ export const rateLimiterMiddleware = (group: string, config: EndpointRateLimitCo
 
         return rateLimiterGroups.get(group)!;
     }
+}
+/**
+ * creates middleware for rate limiting
+ */
+export const rateLimiterMiddleware = (group: string, config: EndpointRateLimitConfiguration | undefined): (req: Request, res: Response, next: NextFunction) => void => {
+    if (rateLimiterGroups.has(group)) setRateLimiter(group, config);
+
+    return (req, res, next) => {
+        return rateLimiterGroups.get(group)!(req, res, next);
+    };
 };

backend/routers/api.ts

@@ -7,7 +7,7 @@ import * as data from '../data';
 import { log } from '../log';
 import { nanoid } from '../generators';
 import { UserConfig } from '../UserConfig';
-import { rateLimiterMiddleware } from '../ratelimit';
+import { rateLimiterMiddleware, setRateLimiter } from '../ratelimit';
 import { DBManager } from '../sql/database';
 
 const router = Router({ caseSensitive: true });
@@ -30,6 +30,11 @@ router.post('/setup', BodyParserJson(), async (req, res) => {
 		if (UserConfig.config.sql?.mySql != null)
 			await Promise.all([DBManager.configure(), data.setDataModeToSql()]);
 
+		// set rate limits
+		if (UserConfig.config.rateLimit?.api)    setRateLimiter('api',    UserConfig.config.rateLimit.api);
+		if (UserConfig.config.rateLimit?.login)  setRateLimiter('login',  UserConfig.config.rateLimit.login);
+		if (UserConfig.config.rateLimit?.upload) setRateLimiter('upload', UserConfig.config.rateLimit.upload);
+
 		log.success('Setup', 'completed');
 
 		return res.json({ success: true });
@@ -39,7 +44,7 @@ router.post('/setup', BodyParserJson(), async (req, res) => {
 });
 
 // User login
-router.post('/login', rateLimiterMiddleware('login', UserConfig.config.rateLimit?.login), BodyParserJson(), (req, res) => {
+router.post('/login', rateLimiterMiddleware('login', UserConfig.config?.rateLimit?.login), BodyParserJson(), (req, res) => {
 	const { username, password } = req.body;
 
 	data.getAll('users')
@@ -69,7 +74,7 @@ router.post('/login', rateLimiterMiddleware('login', UserConfig.config.rateLimit
 });
 
 // todo: authenticate API endpoints
-router.post('/user', rateLimiterMiddleware('api', UserConfig.config.rateLimit?.api), BodyParserJson(), async (req, res) => {
+router.post('/user', rateLimiterMiddleware('api', UserConfig.config?.rateLimit?.api), BodyParserJson(), async (req, res) => {
 	if (!UserConfig.ready)
 		return res.status(409).json({ success: false, message: 'User config not ready' });
 

backend/routers/index.ts

@@ -30,7 +30,7 @@ bb.extend(router, {
 router.get('/', (req, res) => UserConfig.ready ? res.render('index', { version: App.pkgVersion }) : res.redirect('/setup'));
 
 // Upload flow
-router.post('/', rateLimiterMiddleware("upload", UserConfig.config.rateLimit?.upload), async (req, res) => {
+router.post('/', rateLimiterMiddleware("upload", UserConfig.config?.rateLimit?.upload), async (req, res) => {
 
 	// Check user config
 	if (!UserConfig.ready) return res.status(500).type('text').send('Configuration missing!');