1 | import express from 'express' | |
2 | import RateLimit, { Options as RateLimitHandlerOptions } from 'express-rate-limit' | |
3 | import { CONFIG } from '@server/initializers/config' | |
4 | import { RunnerModel } from '@server/models/runner/runner' | |
5 | import { UserRole } from '@shared/models' | |
6 | import { optionalAuthenticate } from './auth' | |
// Authenticated users holding one of these roles are never rejected by the
// rate limiter (consulted by the limit-exceeded handler in buildRateLimiter)
const whitelistRoles = new Set([
  UserRole.MODERATOR,
  UserRole.ADMINISTRATOR
])
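/**
 * Builds an express-rate-limit middleware whose limit-exceeded handler exempts
 * two kinds of callers: registered runners (identified by a `runnerToken`
 * string in the request body) and authenticated administrators/moderators.
 *
 * The exemption is only evaluated once the limit has been hit, so exempted
 * callers still consume counter slots; they are just never rejected.
 *
 * @param options.windowMs length of the counting window in milliseconds
 * @param options.max requests allowed per window before the handler runs
 * @param options.skipFailedRequests forwarded to express-rate-limit; when true,
 *   requests that end in an error response are not counted against the limit
 * @returns the configured express-rate-limit middleware
 */
export function buildRateLimiter (options: {
  windowMs: number
  max: number
  skipFailedRequests?: boolean
}) {
  return RateLimit({
    windowMs: options.windowMs,
    max: options.max,
    skipFailedRequests: options.skipFailedRequests,

    // `limiterOptions` is the resolved express-rate-limit configuration
    // (status code / message), not the `options` argument of buildRateLimiter
    handler: (req, res, next, limiterOptions) => {
      const runnerToken: unknown = req.body?.runnerToken

      // Bypass rate limit for registered runners. Only a non-empty string is
      // looked up: a body field of any other shape never reaches the query.
      if (typeof runnerToken === 'string' && runnerToken !== '') {
        return RunnerModel.loadByToken(runnerToken)
          .then(runner => {
            if (runner) return next()

            return sendRateLimited(res, limiterOptions)
          })
          // A failed lookup must not leave the request hanging or bypass the
          // limit: hand the error to the Express error pipeline instead
          .catch(err => next(err))
      }

      // Bypass rate limit for admins/moderators
      return optionalAuthenticate(req, res, () => {
        if (res.locals.authenticated === true && whitelistRoles.has(res.locals.oauth.token.User.role)) {
          return next()
        }

        return sendRateLimited(res, limiterOptions)
      })
    }
  })
}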
/**
 * Rate limiter applied to the API, sized from the RATES_LIMIT.API
 * configuration section. `skipFailedRequests` is left at its default.
 */
export const apiRateLimiter = buildRateLimiter({
  max: CONFIG.RATES_LIMIT.API.MAX,
  windowMs: CONFIG.RATES_LIMIT.API.WINDOW_MS
})
// ---------------------------------------------------------------------------
// Private
// ---------------------------------------------------------------------------
/**
 * Answers a request that exceeded the limit, using the status code and body
 * configured on the express-rate-limit instance.
 *
 * @param res the response to write
 * @param options resolved express-rate-limit options (statusCode, message)
 * @returns whatever `res.send` returns
 */
function sendRateLimited (res: express.Response, options: RateLimitHandlerOptions) {
  const { statusCode, message } = options

  res.status(statusCode)
  return res.send(message)
}