1 import express from 'express'
2 import RateLimit, { Options as RateLimitHandlerOptions } from 'express-rate-limit'
3 import { RunnerModel } from '@server/models/runner/runner'
4 import { UserRole } from '@shared/models'
5 import { optionalAuthenticate } from './auth'
7 const whitelistRoles = new Set([ UserRole.ADMINISTRATOR, UserRole.MODERATOR ])
9 export function buildRateLimiter (options: {
12 skipFailedRequests?: boolean
15 windowMs: options.windowMs,
17 skipFailedRequests: options.skipFailedRequests,
19 handler: (req, res, next, options) => {
20 // Bypass rate limit for registered runners
21 if (req.body?.runnerToken) {
22 return RunnerModel.loadByToken(req.body.runnerToken)
24 if (runner) return next()
26 return sendRateLimited(res, options)
30 // Bypass rate limit for admins/moderators
31 return optionalAuthenticate(req, res, () => {
32 if (res.locals.authenticated === true && whitelistRoles.has(res.locals.oauth.token.User.role)) {
36 return sendRateLimited(res, options)
42 // ---------------------------------------------------------------------------
44 // ---------------------------------------------------------------------------
46 function sendRateLimited (res: express.Response, options: RateLimitHandlerOptions) {
47 return res.status(options.statusCode).send(options.message)