api/core: generate JWT rate limiting key in auth handler

2024-11-15 04:39:58 +00:00 · 2024-10-04 17:03:57 +00:00 · 2024-10-04 17:03:57 +00:00 · dcd33803c1
commit dcd33803c1
parent 418602ca87
1 changed files with 2 additions and 7 deletions
--- a/api/src/core/api.js
+++ b/api/src/core/api.js
@ -81,12 +81,7 @@ export const runAPI = (express, app, __dirname) => {
        max: env.rateLimitMax,
        standardHeaders: true,
        legacyHeaders: false,
-        keyGenerator: req => {
-            if (req.authorized) {
-                return generateHmac(req.header("Authorization"), ipSalt);
-            }
-            return generateHmac(getIP(req), ipSalt);
-        },
+        keyGenerator: req => req.rateLimitKey || generateHmac(getIP(req), ipSalt),
        handler: handleRateExceeded
    })

@ -147,7 +142,7 @@ export const runAPI = (express, app, __dirname) => {
                return fail(res, "error.api.auth.jwt.invalid");
            }

-            req.authorized = true;
+            req.rateLimitKey = generateHmac(req.header("Authorization"), ipSalt);
        } catch {
            return fail(res, "error.api.generic");
        }