1 import { UserRole } from '@shared/models'
2 import RateLimit from 'express-rate-limit'
3 import { optionalAuthenticate } from './auth'
// Roles that the rate limiter's `handler` checks after optional authentication: it tests
// the authenticated user's role (res.locals.oauth.token.User.role) against this set.
// NOTE(review): the branch taken on a match is not visible in this listing. Presumably
// these roles are exempted from the rate-limit response; confirm. If so, the exemption is
// only as strong as the authentication step that populates res.locals.
5 const whitelistRoles = new Set([ UserRole.ADMINISTRATOR, UserRole.MODERATOR ])
7 function buildRateLimiter (options: {
10 skipFailedRequests?: boolean
13 windowMs: options.windowMs,
15 skipFailedRequests: options.skipFailedRequests,
17 handler: (req, res, next, options) => {
18 return optionalAuthenticate(req, res, () => {
19 if (res.locals.authenticated === true && whitelistRoles.has(res.locals.oauth.token.User.role)) {
23 return res.status(options.statusCode).send(options.message)