moved ratelimit to upload only... again

pull/22/head
tycrek 4 years ago
parent c1dcdbcf07
commit 6e6b07433f
No known key found for this signature in database
GPG Key ID: 25D74F3943625263

@ -13,7 +13,6 @@ const { host, port, useSsl, diskFilePath, isProxied } = require('./config.json')
const fs = require('fs-extra'); const fs = require('fs-extra');
const express = require('express'); const express = require('express');
const helmet = require('helmet'); const helmet = require('helmet');
const rateLimit = require('express-rate-limit');
const uploadRouter = require('./routers/upload'); const uploadRouter = require('./routers/upload');
const resourceRouter = require('./routers/resource'); const resourceRouter = require('./routers/resource');
const { path, log } = require('./utils'); const { path, log } = require('./utils');
@ -57,12 +56,6 @@ app.use(helmet.referrerPolicy());
app.use(helmet.dnsPrefetchControl()); app.use(helmet.dnsPrefetchControl());
useSsl && app.use(helmet.hsts({ preload: true })); // skipcq: JS-0093 useSsl && app.use(helmet.hsts({ preload: true })); // skipcq: JS-0093
// Rate limit middleware
app.use(rateLimit({
windowMs: 1000 * 60, // 60 seconds // skipcq: JS-0074
max: 90 // Limit each IP to 30 requests per windowMs // skipcq: JS-0074
}));
// Don't process favicon requests (custom middleware) // Don't process favicon requests (custom middleware)
app.use((req, res, next) => (req.url.includes('favicon.ico') ? res.sendStatus(CODE_NO_CONTENT) : next())); app.use((req, res, next) => (req.url.includes('favicon.ico') ? res.sendStatus(CODE_NO_CONTENT) : next()));

@ -1,5 +1,6 @@
const fs = require('fs-extra'); const fs = require('fs-extra');
const marked = require('marked'); const marked = require('marked');
const rateLimit = require('express-rate-limit');
const { DateTime } = require('luxon'); const { DateTime } = require('luxon');
const { WebhookClient, MessageEmbed } = require('discord.js'); const { WebhookClient, MessageEmbed } = require('discord.js');
const { doUpload, processUploaded } = require('../storage'); const { doUpload, processUploaded } = require('../storage');
@ -21,6 +22,12 @@ router.get('/', (_req, res, next) =>
.then((d) => res.render('index', { data: d })) .then((d) => res.render('index', { data: d }))
.catch(next)); .catch(next));
// Rate limit middleware
router.use('/', rateLimit({
windowMs: 1000 * 60, // 60 seconds // skipcq: JS-0074
max: 90 // Limit each IP to 30 requests per windowMs // skipcq: JS-0074
}));
// Block unauthorized requests and attempt token sanitization // Block unauthorized requests and attempt token sanitization
router.post('/', (req, res, next) => { router.post('/', (req, res, next) => {
req.headers.authorization = req.headers.authorization || ''; req.headers.authorization = req.headers.authorization || '';
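Review bot: The comment on the `max` line of the new upload-router limiter says 30 requests per window while the value is `max: 90`; one of the two is stale, and because this limiter now sits in front of the token check in `router.post('/')` the intended ceiling should be unambiguous, e.g. `max: 90 // Limit each IP to 90 requests per windowMs`. The limiter counts per client IP and the app file reads `isProxied` from the config, so if the service runs behind a reverse proxy without Express `trust proxy` configured (not visible here), all clients would likely share a single bucket. Since `router.use('/', rateLimit(...))` is registered after `router.get('/')`, the index route is not throttled, and with the app-level limiter removed the resource router presumably has no limit at all; a one-line comment such as `// Only routes registered below are rate limited; GET / and resource routes are intentionally unlimited` would record that this is deliberate. The body of `router.post('/')` continues outside the hunk.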
