Added shitty basic rate limiting (CodeQL)

pull/146/head
tycrek 2 years ago
parent 9c718b3384
commit e34a980106
No known key found for this signature in database
GPG Key ID: 25D74F3943625263

61
package-lock.json generated

@ -25,6 +25,7 @@
"discord-webhook-node": "^1.1.8",
"escape-html": "^1.0.3",
"express": "^4.17.3",
"express-brute": "^1.0.1",
"express-busboy": "^8.0.2",
"ffmpeg-static": "^4.4.0",
"fs-extra": "^10.0.1",
@ -46,6 +47,7 @@
"devDependencies": {
"@types/escape-html": "^1.0.1",
"@types/express": "^4.17.13",
"@types/express-brute": "^1.0.1",
"@types/express-busboy": "^8.0.0",
"@types/ffmpeg-static": "^3.0.0",
"@types/fs-extra": "^9.0.12",
@ -512,6 +514,15 @@
"@types/serve-static": "*"
}
},
"node_modules/@types/express-brute": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/@types/express-brute/-/express-brute-1.0.1.tgz",
"integrity": "sha512-rG4YWh+tIDvwupiPwuLaz0fEpFE7ShLOX59ZdejMQ4jYlshmxtN5KjB7VFGsggk4TmeVnoHF7QrwLwan2wj8cg==",
"dev": true,
"dependencies": {
"@types/express": "*"
}
},
"node_modules/@types/express-busboy": {
"version": "8.0.0",
"resolved": "https://registry.npmjs.org/@types/express-busboy/-/express-busboy-8.0.0.tgz",
@ -2131,6 +2142,18 @@
"node": ">= 0.10.0"
}
},
"node_modules/express-brute": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/express-brute/-/express-brute-1.0.1.tgz",
"integrity": "sha512-ieZmwox3oIZdQCVjvvnwQvrKQumWdb/JjmC9mWplF42AuHCBXr6Yk/I+nLTRQx+9F+2aapOW9kYLwA6xIlwA9g==",
"dependencies": {
"long-timeout": "~0.1.1",
"underscore": "~1.8.3"
},
"peerDependencies": {
"express": "4.x"
}
},
"node_modules/express-busboy": {
"version": "8.0.2",
"resolved": "https://registry.npmjs.org/express-busboy/-/express-busboy-8.0.2.tgz",
@ -2968,6 +2991,11 @@
"lodash._baseuniq": "~4.6.0"
}
},
"node_modules/long-timeout": {
"version": "0.1.1",
"resolved": "https://registry.npmjs.org/long-timeout/-/long-timeout-0.1.1.tgz",
"integrity": "sha512-BFRuQUqc7x2NWxfJBCyUrN8iYUYznzL9JROmRz1gZ6KlOIgmoD+njPVbb+VNn2nGMKggMsK79iUNErillsrx7w=="
},
"node_modules/lru-cache": {
"version": "6.0.0",
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
@ -5204,6 +5232,11 @@
"node": ">=4.2.0"
}
},
"node_modules/underscore": {
"version": "1.8.3",
"resolved": "https://registry.npmjs.org/underscore/-/underscore-1.8.3.tgz",
"integrity": "sha512-5WsVTFcH1ut/kkhAaHf4PVgI8c7++GiVcpCGxPouI6ZVjsqPnSDf8h/8HtVqc0t4fzRXwnMK70EcZeAs3PIddg=="
},
"node_modules/universalify": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz",
@ -5859,6 +5892,15 @@
"@types/serve-static": "*"
}
},
"@types/express-brute": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/@types/express-brute/-/express-brute-1.0.1.tgz",
"integrity": "sha512-rG4YWh+tIDvwupiPwuLaz0fEpFE7ShLOX59ZdejMQ4jYlshmxtN5KjB7VFGsggk4TmeVnoHF7QrwLwan2wj8cg==",
"dev": true,
"requires": {
"@types/express": "*"
}
},
"@types/express-busboy": {
"version": "8.0.0",
"resolved": "https://registry.npmjs.org/@types/express-busboy/-/express-busboy-8.0.0.tgz",
@ -7128,6 +7170,15 @@
"vary": "~1.1.2"
}
},
"express-brute": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/express-brute/-/express-brute-1.0.1.tgz",
"integrity": "sha512-ieZmwox3oIZdQCVjvvnwQvrKQumWdb/JjmC9mWplF42AuHCBXr6Yk/I+nLTRQx+9F+2aapOW9kYLwA6xIlwA9g==",
"requires": {
"long-timeout": "~0.1.1",
"underscore": "~1.8.3"
}
},
"express-busboy": {
"version": "8.0.2",
"resolved": "https://registry.npmjs.org/express-busboy/-/express-busboy-8.0.2.tgz",
@ -7787,6 +7838,11 @@
"lodash._baseuniq": "~4.6.0"
}
},
"long-timeout": {
"version": "0.1.1",
"resolved": "https://registry.npmjs.org/long-timeout/-/long-timeout-0.1.1.tgz",
"integrity": "sha512-BFRuQUqc7x2NWxfJBCyUrN8iYUYznzL9JROmRz1gZ6KlOIgmoD+njPVbb+VNn2nGMKggMsK79iUNErillsrx7w=="
},
"lru-cache": {
"version": "6.0.0",
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
@ -9373,6 +9429,11 @@
"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.3.tgz",
"integrity": "sha512-yNIatDa5iaofVozS/uQJEl3JRWLKKGJKh6Yaiv0GLGSuhpFJe7P3SbHZ8/yjAHRQwKRoA6YZqlfjXWmVzoVSMw=="
},
"underscore": {
"version": "1.8.3",
"resolved": "https://registry.npmjs.org/underscore/-/underscore-1.8.3.tgz",
"integrity": "sha512-5WsVTFcH1ut/kkhAaHf4PVgI8c7++GiVcpCGxPouI6ZVjsqPnSDf8h/8HtVqc0t4fzRXwnMK70EcZeAs3PIddg=="
},
"universalify": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz",

@ -54,6 +54,7 @@
"discord-webhook-node": "^1.1.8",
"escape-html": "^1.0.3",
"express": "^4.17.3",
"express-brute": "^1.0.1",
"express-busboy": "^8.0.2",
"ffmpeg-static": "^4.4.0",
"fs-extra": "^10.0.1",
@ -75,6 +76,7 @@
"devDependencies": {
"@types/escape-html": "^1.0.1",
"@types/express": "^4.17.13",
"@types/express-brute": "^1.0.1",
"@types/express-busboy": "^8.0.0",
"@types/ffmpeg-static": "^3.0.0",
"@types/fs-extra": "^9.0.12",

@ -58,6 +58,24 @@ app.disable('x-powered-by');
app.set('trust proxy', isProxied);
app.set('view engine', 'pug');
// Rate limiting using express-brute
// ! Notice !
// The rate limiting used here is very trivial and should be used with caution.
// I plan to improve this in the future somehow (possibly with redis, who knows).
// - tycrek, 2022-08-18
// todo: fix this eventually
import ExpressBrute from 'express-brute';
const bruteforce = new ExpressBrute(new ExpressBrute.MemoryStore(), {
freeRetries: 50,
minWait: 50, // 50ms
maxWait: 500, // 500ms
lifetime: 5, // 5 seconds
failCallback: (req, res, next, nextValidRequestDate) => res.sendStatus(429),
});
// Routes to protect
app.get(['/'], bruteforce.prevent, (req, res, next) => next());
// Express logger middleware
app.use(log.middleware());
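Review bot: The only route the limiter guards is `app.get(['/'], bruteforce.prevent, (req, res, next) => next());`, so the counter is incremented for GET / and nothing else; any endpoint registered outside this hunk stays unmetered unless `bruteforce.prevent` is attached to it too, and since no handler calls `req.brute.reset()`, every request in the 50-per-5-second window counts as a failure, which presumably is the intended "plain rate limit" semantics here rather than a login-failure counter. The `failCallback` ignores `nextValidRequestDate`, leaving a well-behaved client no way to back off; consider `failCallback: (req, res, next, nextValidRequestDate) => res.set('Retry-After', String(Math.ceil((nextValidRequestDate.getTime() - Date.now()) / 1000))).sendStatus(429),`. The limiter keys on the client address Express reports, which under `app.set('trust proxy', isProxied)` on the line above is derived from forwarded headers, so the limit is only as reliable as `isProxied` being true solely when a proxy actually fronts the app. `import ExpressBrute from 'express-brute';` sits between statements; ES imports are hoisted so it works, but it belongs with the file's import block at the top, which lies outside this hunk.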
