diff --git a/api/package.json b/api/package.json index 6867c37d..3a104158 100644 --- a/api/package.json +++ b/api/package.json @@ -31,7 +31,7 @@ "dotenv": "^16.0.1", "esbuild": "^0.14.51", "express": "^4.21.0", - "express-rate-limit": "^6.3.0", + "express-rate-limit": "^7.4.1", "ffmpeg-static": "^5.1.0", "hls-parser": "^0.10.7", "ipaddr.js": "2.2.0", diff --git a/api/src/core/api.js b/api/src/core/api.js index 2fa30cea..1d4370e9 100644 --- a/api/src/core/api.js +++ b/api/src/core/api.js @@ -68,31 +68,33 @@ export const runAPI = (express, app, __dirname, isPrimary = true) => { return res.status(status).json(body); }; + const keyGenerator = (req) => hashHmac(getIP(req), 'rate').toString('base64url'); + const sessionLimiter = rateLimit({ windowMs: 60000, - max: 10, - standardHeaders: true, + limit: 10, + standardHeaders: 'draft-6', legacyHeaders: false, - keyGenerator: req => hashHmac(getIP(req), 'rate'), + keyGenerator, handler: handleRateExceeded }); const apiLimiter = rateLimit({ windowMs: env.rateLimitWindow * 1000, - max: (req) => req.rateLimitMax || env.rateLimitMax, - standardHeaders: true, + limit: (req) => req.rateLimitMax || env.rateLimitMax, + standardHeaders: 'draft-6', legacyHeaders: false, - keyGenerator: req => req.rateLimitKey || hashHmac(getIP(req), 'rate'), + keyGenerator: req => req.rateLimitKey || keyGenerator(req), handler: handleRateExceeded }) const apiTunnelLimiter = rateLimit({ windowMs: env.rateLimitWindow * 1000, - max: (req) => req.rateLimitMax || env.rateLimitMax, - standardHeaders: true, + limit: (req) => req.rateLimitMax || env.rateLimitMax, + standardHeaders: 'draft-6', legacyHeaders: false, - keyGenerator: req => req.rateLimitKey || hashHmac(getIP(req), 'rate'), - handler: (req, res) => { + keyGenerator: req => req.rateLimitKey || keyGenerator(req), + handler: (_, res) => { return res.sendStatus(429) } }) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 3f095749..9283338a 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -32,8 +32,8 @@ importers: specifier: ^4.21.0 version: 4.21.0 express-rate-limit: - specifier: ^6.3.0 - version: 6.11.2(express@4.21.0) + specifier: ^7.4.1 + version: 7.4.1(express@4.21.0) ffmpeg-static: specifier: ^5.1.0 version: 5.2.0 @@ -1298,11 +1298,11 @@ packages: resolution: {integrity: sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==} engines: {node: '>=10'} - express-rate-limit@6.11.2: - resolution: {integrity: sha512-a7uwwfNTh1U60ssiIkuLFWHt4hAC5yxlLGU2VP0X4YNlyEDZAqF4tK3GD3NSitVBrCQmQ0++0uOyFOgC2y4DDw==} - engines: {node: '>= 14'} + express-rate-limit@7.4.1: + resolution: {integrity: sha512-KS3efpnpIDVIXopMc65EMbWbUht7qvTCdtCR2dD/IZmi9MIkopYESwyRqLgv8Pfu589+KqDqOdzJWW7AHoACeg==} + engines: {node: '>= 16'} peerDependencies: - express: ^4 || ^5 + express: 4 || 5 || ^5.0.0-beta.1 express@4.21.0: resolution: {integrity: sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==} @@ -3341,7 +3341,7 @@ snapshots: signal-exit: 3.0.7 strip-final-newline: 2.0.0 - express-rate-limit@6.11.2(express@4.21.0): + express-rate-limit@7.4.1(express@4.21.0): dependencies: express: 4.21.0