foltik/shimapan
1
0
Fork 0
mirror of https://github.com/Foltik/Shimapan synced 2025-02-26 00:55:20 -05:00
Code Issues Releases Wiki Activity

Fix rate limiting middleware

Browse Source
This commit is contained in:
Jack Foltz 2018-12-26 21:01:15 -05:00
parent 69cba82d75
commit 5f2320a492
Signed by: foltik
GPG Key ID: D1F0331758D1F29A
3 changed files with 6 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
app/routes/api/auth.js
View File

@ -98,11 +98,11 @@ router.post('/register',
res.status(200).json({'message': 'Registration successful.'}); res.status(200).json({'message': 'Registration successful.'});
})); }));
console.log(config.get('RateLimit'));
const loginLimiter = config.get('RateLimit.enable') const loginLimiter = config.get('RateLimit.enable')
? rateLimit({ ? rateLimit({
windowMs: config.get('RateLimit.login.window') * 1000, windowMs: 60 * 60 * 1000,//config.get('RateLimit.login.window') * 1000,
max: config.get('RateLimit.login.max'), max: 5,//config.get('RateLimit.login.max'),
skipSuccessfulRequests: true
}) })
: (req, res, next) => { next(); }; : (req, res, next) => { next(); };
const loginProps = [ const loginProps = [
@ -110,6 +110,7 @@ const loginProps = [
{name: 'displayname', type: 'string', optional: true}, {name: 'displayname', type: 'string', optional: true},
{name: 'password', type: 'string'}]; {name: 'password', type: 'string'}];
router.post('/login', router.post('/login',
loginLimiter,
bodyVerifier(loginProps), bodyVerifier(loginProps),
canonicalizeRequest, canonicalizeRequest,
wrap(async (req, res, next) => { wrap(async (req, res, next) => {

26
app/util/auth.js
View File

@ -53,32 +53,6 @@ const apiLimiter = config.get('RateLimit.enable')
// sets req.username, req.displayname, req.scope, and req.key if authenticated properly, // sets req.username, req.displayname, req.scope, and req.key if authenticated properly,
// otherwise throws an error code. // otherwise throws an error code.
// If the user is banned, also throw an error. // If the user is banned, also throw an error.
/*
const requireAuth = scope => wrap(async (req, res, next) => {
const status = {
authenticated: false,
permission: false
};
// First, check the session
checkSession(req, scope, status);
// If not authenticated yet, check for a key
if (!status.authenticated)
await checkKey(req, scope, status);
if (!status.authenticated)
return res.status(401).json({message: 'Unauthorized.'});
else if (!status.permission)
return res.status(403).json({message: 'Forbidden.'});
// Check if the user is banned
const user = await User.findOne({username: req.username});
if (user && user.banned)
return res.status(403).json({message: 'Forbidden.'});
next();
});
*/
const requireAuth = scope => (req, res, next) => { const requireAuth = scope => (req, res, next) => {
apiLimiter(req, res, wrap(async () => { apiLimiter(req, res, wrap(async () => {

4
config/default.json
View File

@ -41,11 +41,11 @@
"enable": true, "enable": true,
"login": { "login": {
"window": 600, "window": 600,
"max": 5 "max": 10
}, },
"register": { "register": {
"window": 600, "window": 600,
"max": 5 "max": 10
}, },
"api": { "api": {
"window": 600, "window": 600,