api/core: add rate limiter for session

dumbmoron 2024-10-04 17:02:00 +00:00
parent 38fcee4a50
commit 418602ca87


@ -67,6 +67,15 @@ export const runAPI = (express, app, __dirname) => {
return res.status(status).json(body); return res.status(status).json(body);
}; };
const sessionLimiter = rateLimit({
windowMs: 60000,
max: 10,
standardHeaders: true,
legacyHeaders: false,
keyGenerator: req => generateHmac(getIP(req), ipSalt),
handler: handleRateExceeded
});
const apiLimiter = rateLimit({ const apiLimiter = rateLimit({
windowMs: env.rateLimitWindow * 1000, windowMs: env.rateLimitWindow * 1000,
max: env.rateLimitMax, max: env.rateLimitMax,
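Review bot: `windowMs: 60000` and `max: 10` on the new sessionLimiter are hard-coded while the adjacent apiLimiter reads `env.rateLimitWindow` and `env.rateLimitMax`, so operators cannot tune the session budget without a code change. If the fixed values are deliberate, say so at the definition, e.g. `// 10 session requests per hashed IP per minute; intentionally independent of env.rateLimit*`; otherwise expose them through env the same way the API limiter does. The limiter is keyed on `generateHmac(getIP(req), ipSalt)`, so it is only as strong as getIP's ability to resolve the real client address behind any proxy — presumably the same trust-proxy setup apiLimiter already relies on, but worth confirming given that /session appears to be the endpoint that issues the credential the rest of the API accepts. `standardHeaders`, `legacyHeaders`, `keyGenerator` and `handler` now appear in two limiter definitions; a shared base options object spread into both would keep them from drifting. The enclosing runAPI function starts before and ends after this hunk.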
@ -159,7 +168,7 @@ export const runAPI = (express, app, __dirname) => {
next(); next();
}); });
app.post("/session", async (req, res) => { app.post("/session", sessionLimiter, async (req, res) => {
if (!env.sessionEnabled) { if (!env.sessionEnabled) {
return fail(res, "error.api.auth.not_configured") return fail(res, "error.api.auth.not_configured")
} }