diff options
author | Chocobozzz <me@florianbigard.com> | 2023-06-20 14:17:34 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2023-06-20 14:17:34 +0200 |
commit | e915cde30ec47258a2beeec5ca748c928b59858c (patch) | |
tree | f5692ab20c534a61487f3bd471bb6105ed58d88a | |
parent | 923e41fa4f342019298b46e407ea1f0207f74205 (diff) | |
download | PeerTube-e915cde30ec47258a2beeec5ca748c928b59858c.tar.gz PeerTube-e915cde30ec47258a2beeec5ca748c928b59858c.tar.zst PeerTube-e915cde30ec47258a2beeec5ca748c928b59858c.zip |
Fix runner api rate limit bypass
26 files changed, 122 insertions, 31 deletions
diff --git a/server/controllers/api/abuse.ts b/server/controllers/api/abuse.ts index d6211cc83..d582f198d 100644 --- a/server/controllers/api/abuse.ts +++ b/server/controllers/api/abuse.ts | |||
@@ -16,6 +16,7 @@ import { | |||
16 | abusesSortValidator, | 16 | abusesSortValidator, |
17 | abuseUpdateValidator, | 17 | abuseUpdateValidator, |
18 | addAbuseMessageValidator, | 18 | addAbuseMessageValidator, |
19 | apiRateLimiter, | ||
19 | asyncMiddleware, | 20 | asyncMiddleware, |
20 | asyncRetryTransactionMiddleware, | 21 | asyncRetryTransactionMiddleware, |
21 | authenticate, | 22 | authenticate, |
@@ -32,6 +33,8 @@ import { AccountModel } from '../../models/account/account' | |||
32 | 33 | ||
33 | const abuseRouter = express.Router() | 34 | const abuseRouter = express.Router() |
34 | 35 | ||
36 | abuseRouter.use(apiRateLimiter) | ||
37 | |||
35 | abuseRouter.get('/', | 38 | abuseRouter.get('/', |
36 | openapiOperationDoc({ operationId: 'getAbuses' }), | 39 | openapiOperationDoc({ operationId: 'getAbuses' }), |
37 | authenticate, | 40 | authenticate, |
diff --git a/server/controllers/api/accounts.ts b/server/controllers/api/accounts.ts index 2d86d393c..96f36bf6f 100644 --- a/server/controllers/api/accounts.ts +++ b/server/controllers/api/accounts.ts | |||
@@ -9,6 +9,7 @@ import { getFormattedObjects } from '../../helpers/utils' | |||
9 | import { JobQueue } from '../../lib/job-queue' | 9 | import { JobQueue } from '../../lib/job-queue' |
10 | import { Hooks } from '../../lib/plugins/hooks' | 10 | import { Hooks } from '../../lib/plugins/hooks' |
11 | import { | 11 | import { |
12 | apiRateLimiter, | ||
12 | asyncMiddleware, | 13 | asyncMiddleware, |
13 | authenticate, | 14 | authenticate, |
14 | commonVideosFiltersValidator, | 15 | commonVideosFiltersValidator, |
@@ -41,6 +42,8 @@ import { VideoPlaylistModel } from '../../models/video/video-playlist' | |||
41 | 42 | ||
42 | const accountsRouter = express.Router() | 43 | const accountsRouter = express.Router() |
43 | 44 | ||
45 | accountsRouter.use(apiRateLimiter) | ||
46 | |||
44 | accountsRouter.get('/', | 47 | accountsRouter.get('/', |
45 | paginationValidator, | 48 | paginationValidator, |
46 | accountsSortValidator, | 49 | accountsSortValidator, |
diff --git a/server/controllers/api/blocklist.ts b/server/controllers/api/blocklist.ts index 1e936ad10..dee12b108 100644 --- a/server/controllers/api/blocklist.ts +++ b/server/controllers/api/blocklist.ts | |||
@@ -1,15 +1,17 @@ | |||
1 | import express from 'express' | 1 | import express from 'express' |
2 | import { handleToNameAndHost } from '@server/helpers/actors' | 2 | import { handleToNameAndHost } from '@server/helpers/actors' |
3 | import { logger } from '@server/helpers/logger' | ||
3 | import { AccountBlocklistModel } from '@server/models/account/account-blocklist' | 4 | import { AccountBlocklistModel } from '@server/models/account/account-blocklist' |
4 | import { getServerActor } from '@server/models/application/application' | 5 | import { getServerActor } from '@server/models/application/application' |
5 | import { ServerBlocklistModel } from '@server/models/server/server-blocklist' | 6 | import { ServerBlocklistModel } from '@server/models/server/server-blocklist' |
6 | import { MActorAccountId, MUserAccountId } from '@server/types/models' | 7 | import { MActorAccountId, MUserAccountId } from '@server/types/models' |
7 | import { BlockStatus } from '@shared/models' | 8 | import { BlockStatus } from '@shared/models' |
8 | import { asyncMiddleware, blocklistStatusValidator, optionalAuthenticate } from '../../middlewares' | 9 | import { apiRateLimiter, asyncMiddleware, blocklistStatusValidator, optionalAuthenticate } from '../../middlewares' |
9 | import { logger } from '@server/helpers/logger' | ||
10 | 10 | ||
11 | const blocklistRouter = express.Router() | 11 | const blocklistRouter = express.Router() |
12 | 12 | ||
13 | blocklistRouter.use(apiRateLimiter) | ||
14 | |||
13 | blocklistRouter.get('/status', | 15 | blocklistRouter.get('/status', |
14 | optionalAuthenticate, | 16 | optionalAuthenticate, |
15 | blocklistStatusValidator, | 17 | blocklistStatusValidator, |
diff --git a/server/controllers/api/bulk.ts b/server/controllers/api/bulk.ts index 51292175b..c41c7d378 100644 --- a/server/controllers/api/bulk.ts +++ b/server/controllers/api/bulk.ts | |||
@@ -4,10 +4,12 @@ import { bulkRemoveCommentsOfValidator } from '@server/middlewares/validators/bu | |||
4 | import { VideoCommentModel } from '@server/models/video/video-comment' | 4 | import { VideoCommentModel } from '@server/models/video/video-comment' |
5 | import { HttpStatusCode } from '@shared/models' | 5 | import { HttpStatusCode } from '@shared/models' |
6 | import { BulkRemoveCommentsOfBody } from '@shared/models/bulk/bulk-remove-comments-of-body.model' | 6 | import { BulkRemoveCommentsOfBody } from '@shared/models/bulk/bulk-remove-comments-of-body.model' |
7 | import { asyncMiddleware, authenticate } from '../../middlewares' | 7 | import { apiRateLimiter, asyncMiddleware, authenticate } from '../../middlewares' |
8 | 8 | ||
9 | const bulkRouter = express.Router() | 9 | const bulkRouter = express.Router() |
10 | 10 | ||
11 | bulkRouter.use(apiRateLimiter) | ||
12 | |||
11 | bulkRouter.post('/remove-comments-of', | 13 | bulkRouter.post('/remove-comments-of', |
12 | authenticate, | 14 | authenticate, |
13 | asyncMiddleware(bulkRemoveCommentsOfValidator), | 15 | asyncMiddleware(bulkRemoveCommentsOfValidator), |
diff --git a/server/controllers/api/config.ts b/server/controllers/api/config.ts index 3b6230f4a..228eae109 100644 --- a/server/controllers/api/config.ts +++ b/server/controllers/api/config.ts | |||
@@ -8,11 +8,13 @@ import { auditLoggerFactory, CustomConfigAuditView, getAuditIdFromRes } from '.. | |||
8 | import { objectConverter } from '../../helpers/core-utils' | 8 | import { objectConverter } from '../../helpers/core-utils' |
9 | import { CONFIG, reloadConfig } from '../../initializers/config' | 9 | import { CONFIG, reloadConfig } from '../../initializers/config' |
10 | import { ClientHtml } from '../../lib/client-html' | 10 | import { ClientHtml } from '../../lib/client-html' |
11 | import { asyncMiddleware, authenticate, ensureUserHasRight, openapiOperationDoc } from '../../middlewares' | 11 | import { apiRateLimiter, asyncMiddleware, authenticate, ensureUserHasRight, openapiOperationDoc } from '../../middlewares' |
12 | import { customConfigUpdateValidator, ensureConfigIsEditable } from '../../middlewares/validators/config' | 12 | import { customConfigUpdateValidator, ensureConfigIsEditable } from '../../middlewares/validators/config' |
13 | 13 | ||
14 | const configRouter = express.Router() | 14 | const configRouter = express.Router() |
15 | 15 | ||
16 | configRouter.use(apiRateLimiter) | ||
17 | |||
16 | const auditLogger = auditLoggerFactory('config') | 18 | const auditLogger = auditLoggerFactory('config') |
17 | 19 | ||
18 | configRouter.get('/', | 20 | configRouter.get('/', |
diff --git a/server/controllers/api/custom-page.ts b/server/controllers/api/custom-page.ts index d1c672f3f..f4e1a0e79 100644 --- a/server/controllers/api/custom-page.ts +++ b/server/controllers/api/custom-page.ts | |||
@@ -2,10 +2,12 @@ import express from 'express' | |||
2 | import { ServerConfigManager } from '@server/lib/server-config-manager' | 2 | import { ServerConfigManager } from '@server/lib/server-config-manager' |
3 | import { ActorCustomPageModel } from '@server/models/account/actor-custom-page' | 3 | import { ActorCustomPageModel } from '@server/models/account/actor-custom-page' |
4 | import { HttpStatusCode, UserRight } from '@shared/models' | 4 | import { HttpStatusCode, UserRight } from '@shared/models' |
5 | import { asyncMiddleware, authenticate, ensureUserHasRight } from '../../middlewares' | 5 | import { apiRateLimiter, asyncMiddleware, authenticate, ensureUserHasRight } from '../../middlewares' |
6 | 6 | ||
7 | const customPageRouter = express.Router() | 7 | const customPageRouter = express.Router() |
8 | 8 | ||
9 | customPageRouter.use(apiRateLimiter) | ||
10 | |||
9 | customPageRouter.get('/homepage/instance', | 11 | customPageRouter.get('/homepage/instance', |
10 | asyncMiddleware(getInstanceHomepage) | 12 | asyncMiddleware(getInstanceHomepage) |
11 | ) | 13 | ) |
diff --git a/server/controllers/api/index.ts b/server/controllers/api/index.ts index 646f9597e..31f1a56f9 100644 --- a/server/controllers/api/index.ts +++ b/server/controllers/api/index.ts | |||
@@ -1,9 +1,8 @@ | |||
1 | import cors from 'cors' | 1 | import cors from 'cors' |
2 | import express from 'express' | 2 | import express from 'express' |
3 | import { buildRateLimiter } from '@server/middlewares' | 3 | |
4 | import { HttpStatusCode } from '../../../shared/models' | 4 | import { HttpStatusCode } from '../../../shared/models' |
5 | import { badRequest } from '../../helpers/express-utils' | 5 | import { badRequest } from '../../helpers/express-utils' |
6 | import { CONFIG } from '../../initializers/config' | ||
7 | import { abuseRouter } from './abuse' | 6 | import { abuseRouter } from './abuse' |
8 | import { accountsRouter } from './accounts' | 7 | import { accountsRouter } from './accounts' |
9 | import { blocklistRouter } from './blocklist' | 8 | import { blocklistRouter } from './blocklist' |
@@ -32,12 +31,6 @@ apiRouter.use(cors({ | |||
32 | credentials: true | 31 | credentials: true |
33 | })) | 32 | })) |
34 | 33 | ||
35 | const apiRateLimiter = buildRateLimiter({ | ||
36 | windowMs: CONFIG.RATES_LIMIT.API.WINDOW_MS, | ||
37 | max: CONFIG.RATES_LIMIT.API.MAX | ||
38 | }) | ||
39 | apiRouter.use(apiRateLimiter) | ||
40 | |||
41 | apiRouter.use('/server', serverRouter) | 34 | apiRouter.use('/server', serverRouter) |
42 | apiRouter.use('/abuses', abuseRouter) | 35 | apiRouter.use('/abuses', abuseRouter) |
43 | apiRouter.use('/bulk', bulkRouter) | 36 | apiRouter.use('/bulk', bulkRouter) |
@@ -57,6 +50,8 @@ apiRouter.use('/plugins', pluginRouter) | |||
57 | apiRouter.use('/custom-pages', customPageRouter) | 50 | apiRouter.use('/custom-pages', customPageRouter) |
58 | apiRouter.use('/blocklist', blocklistRouter) | 51 | apiRouter.use('/blocklist', blocklistRouter) |
59 | apiRouter.use('/runners', runnersRouter) | 52 | apiRouter.use('/runners', runnersRouter) |
53 | |||
54 | // apiRouter.use(apiRateLimiter) | ||
60 | apiRouter.use('/ping', pong) | 55 | apiRouter.use('/ping', pong) |
61 | apiRouter.use('/*', badRequest) | 56 | apiRouter.use('/*', badRequest) |
62 | 57 | ||
diff --git a/server/controllers/api/jobs.ts b/server/controllers/api/jobs.ts index b63e2f962..c701bc970 100644 --- a/server/controllers/api/jobs.ts +++ b/server/controllers/api/jobs.ts | |||
@@ -4,6 +4,7 @@ import { HttpStatusCode, Job, JobState, JobType, ResultList, UserRight } from '@ | |||
4 | import { isArray } from '../../helpers/custom-validators/misc' | 4 | import { isArray } from '../../helpers/custom-validators/misc' |
5 | import { JobQueue } from '../../lib/job-queue' | 5 | import { JobQueue } from '../../lib/job-queue' |
6 | import { | 6 | import { |
7 | apiRateLimiter, | ||
7 | asyncMiddleware, | 8 | asyncMiddleware, |
8 | authenticate, | 9 | authenticate, |
9 | ensureUserHasRight, | 10 | ensureUserHasRight, |
@@ -17,6 +18,8 @@ import { listJobsValidator } from '../../middlewares/validators/jobs' | |||
17 | 18 | ||
18 | const jobsRouter = express.Router() | 19 | const jobsRouter = express.Router() |
19 | 20 | ||
21 | jobsRouter.use(apiRateLimiter) | ||
22 | |||
20 | jobsRouter.post('/pause', | 23 | jobsRouter.post('/pause', |
21 | authenticate, | 24 | authenticate, |
22 | ensureUserHasRight(UserRight.MANAGE_JOBS), | 25 | ensureUserHasRight(UserRight.MANAGE_JOBS), |
diff --git a/server/controllers/api/metrics.ts b/server/controllers/api/metrics.ts index f66173875..909963fa7 100644 --- a/server/controllers/api/metrics.ts +++ b/server/controllers/api/metrics.ts | |||
@@ -1,11 +1,13 @@ | |||
1 | import express from 'express' | 1 | import express from 'express' |
2 | import { CONFIG } from '@server/initializers/config' | ||
2 | import { OpenTelemetryMetrics } from '@server/lib/opentelemetry/metrics' | 3 | import { OpenTelemetryMetrics } from '@server/lib/opentelemetry/metrics' |
3 | import { HttpStatusCode, PlaybackMetricCreate } from '@shared/models' | 4 | import { HttpStatusCode, PlaybackMetricCreate } from '@shared/models' |
4 | import { addPlaybackMetricValidator, asyncMiddleware } from '../../middlewares' | 5 | import { addPlaybackMetricValidator, apiRateLimiter, asyncMiddleware } from '../../middlewares' |
5 | import { CONFIG } from '@server/initializers/config' | ||
6 | 6 | ||
7 | const metricsRouter = express.Router() | 7 | const metricsRouter = express.Router() |
8 | 8 | ||
9 | metricsRouter.use(apiRateLimiter) | ||
10 | |||
9 | metricsRouter.post('/playback', | 11 | metricsRouter.post('/playback', |
10 | asyncMiddleware(addPlaybackMetricValidator), | 12 | asyncMiddleware(addPlaybackMetricValidator), |
11 | addPlaybackMetric | 13 | addPlaybackMetric |
diff --git a/server/controllers/api/oauth-clients.ts b/server/controllers/api/oauth-clients.ts index eb7942fd6..b619b78a3 100644 --- a/server/controllers/api/oauth-clients.ts +++ b/server/controllers/api/oauth-clients.ts | |||
@@ -4,10 +4,12 @@ import { OAuthClientModel } from '@server/models/oauth/oauth-client' | |||
4 | import { HttpStatusCode, OAuthClientLocal } from '@shared/models' | 4 | import { HttpStatusCode, OAuthClientLocal } from '@shared/models' |
5 | import { logger } from '../../helpers/logger' | 5 | import { logger } from '../../helpers/logger' |
6 | import { CONFIG } from '../../initializers/config' | 6 | import { CONFIG } from '../../initializers/config' |
7 | import { asyncMiddleware, openapiOperationDoc } from '../../middlewares' | 7 | import { apiRateLimiter, asyncMiddleware, openapiOperationDoc } from '../../middlewares' |
8 | 8 | ||
9 | const oauthClientsRouter = express.Router() | 9 | const oauthClientsRouter = express.Router() |
10 | 10 | ||
11 | oauthClientsRouter.use(apiRateLimiter) | ||
12 | |||
11 | oauthClientsRouter.get('/local', | 13 | oauthClientsRouter.get('/local', |
12 | openapiOperationDoc({ operationId: 'getOAuthClient' }), | 14 | openapiOperationDoc({ operationId: 'getOAuthClient' }), |
13 | asyncMiddleware(getLocalClient) | 15 | asyncMiddleware(getLocalClient) |
diff --git a/server/controllers/api/overviews.ts b/server/controllers/api/overviews.ts index 34585e557..fc616281e 100644 --- a/server/controllers/api/overviews.ts +++ b/server/controllers/api/overviews.ts | |||
@@ -2,16 +2,18 @@ import express from 'express' | |||
2 | import memoizee from 'memoizee' | 2 | import memoizee from 'memoizee' |
3 | import { logger } from '@server/helpers/logger' | 3 | import { logger } from '@server/helpers/logger' |
4 | import { Hooks } from '@server/lib/plugins/hooks' | 4 | import { Hooks } from '@server/lib/plugins/hooks' |
5 | import { getServerActor } from '@server/models/application/application' | ||
5 | import { VideoModel } from '@server/models/video/video' | 6 | import { VideoModel } from '@server/models/video/video' |
6 | import { CategoryOverview, ChannelOverview, TagOverview, VideosOverview } from '../../../shared/models/overviews' | 7 | import { CategoryOverview, ChannelOverview, TagOverview, VideosOverview } from '../../../shared/models/overviews' |
7 | import { buildNSFWFilter } from '../../helpers/express-utils' | 8 | import { buildNSFWFilter } from '../../helpers/express-utils' |
8 | import { MEMOIZE_TTL, OVERVIEWS } from '../../initializers/constants' | 9 | import { MEMOIZE_TTL, OVERVIEWS } from '../../initializers/constants' |
9 | import { asyncMiddleware, optionalAuthenticate, videosOverviewValidator } from '../../middlewares' | 10 | import { apiRateLimiter, asyncMiddleware, optionalAuthenticate, videosOverviewValidator } from '../../middlewares' |
10 | import { TagModel } from '../../models/video/tag' | 11 | import { TagModel } from '../../models/video/tag' |
11 | import { getServerActor } from '@server/models/application/application' | ||
12 | 12 | ||
13 | const overviewsRouter = express.Router() | 13 | const overviewsRouter = express.Router() |
14 | 14 | ||
15 | overviewsRouter.use(apiRateLimiter) | ||
16 | |||
15 | overviewsRouter.get('/videos', | 17 | overviewsRouter.get('/videos', |
16 | videosOverviewValidator, | 18 | videosOverviewValidator, |
17 | optionalAuthenticate, | 19 | optionalAuthenticate, |
diff --git a/server/controllers/api/plugins.ts b/server/controllers/api/plugins.ts index e85fd6e11..337b72b2f 100644 --- a/server/controllers/api/plugins.ts +++ b/server/controllers/api/plugins.ts | |||
@@ -4,6 +4,7 @@ import { getFormattedObjects } from '@server/helpers/utils' | |||
4 | import { listAvailablePluginsFromIndex } from '@server/lib/plugins/plugin-index' | 4 | import { listAvailablePluginsFromIndex } from '@server/lib/plugins/plugin-index' |
5 | import { PluginManager } from '@server/lib/plugins/plugin-manager' | 5 | import { PluginManager } from '@server/lib/plugins/plugin-manager' |
6 | import { | 6 | import { |
7 | apiRateLimiter, | ||
7 | asyncMiddleware, | 8 | asyncMiddleware, |
8 | authenticate, | 9 | authenticate, |
9 | availablePluginsSortValidator, | 10 | availablePluginsSortValidator, |
@@ -35,6 +36,8 @@ import { | |||
35 | 36 | ||
36 | const pluginRouter = express.Router() | 37 | const pluginRouter = express.Router() |
37 | 38 | ||
39 | pluginRouter.use(apiRateLimiter) | ||
40 | |||
38 | pluginRouter.get('/available', | 41 | pluginRouter.get('/available', |
39 | openapiOperationDoc({ operationId: 'getAvailablePlugins' }), | 42 | openapiOperationDoc({ operationId: 'getAvailablePlugins' }), |
40 | authenticate, | 43 | authenticate, |
diff --git a/server/controllers/api/runners/index.ts b/server/controllers/api/runners/index.ts index c98ded354..9998fe4cc 100644 --- a/server/controllers/api/runners/index.ts +++ b/server/controllers/api/runners/index.ts | |||
@@ -6,6 +6,8 @@ import { runnerRegistrationTokensRouter } from './registration-tokens' | |||
6 | 6 | ||
7 | const runnersRouter = express.Router() | 7 | const runnersRouter = express.Router() |
8 | 8 | ||
9 | // No api route limiter here, they are defined in child routers | ||
10 | |||
9 | runnersRouter.use('/', manageRunnersRouter) | 11 | runnersRouter.use('/', manageRunnersRouter) |
10 | runnersRouter.use('/', runnerJobsRouter) | 12 | runnersRouter.use('/', runnerJobsRouter) |
11 | runnersRouter.use('/', runnerJobFilesRouter) | 13 | runnersRouter.use('/', runnerJobFilesRouter) |
diff --git a/server/controllers/api/runners/jobs-files.ts b/server/controllers/api/runners/jobs-files.ts index 260d824a8..4e69fb902 100644 --- a/server/controllers/api/runners/jobs-files.ts +++ b/server/controllers/api/runners/jobs-files.ts | |||
@@ -3,7 +3,7 @@ import { logger, loggerTagsFactory } from '@server/helpers/logger' | |||
3 | import { proxifyHLS, proxifyWebTorrentFile } from '@server/lib/object-storage' | 3 | import { proxifyHLS, proxifyWebTorrentFile } from '@server/lib/object-storage' |
4 | import { VideoPathManager } from '@server/lib/video-path-manager' | 4 | import { VideoPathManager } from '@server/lib/video-path-manager' |
5 | import { getStudioTaskFilePath } from '@server/lib/video-studio' | 5 | import { getStudioTaskFilePath } from '@server/lib/video-studio' |
6 | import { asyncMiddleware } from '@server/middlewares' | 6 | import { apiRateLimiter, asyncMiddleware } from '@server/middlewares' |
7 | import { jobOfRunnerGetValidator } from '@server/middlewares/validators/runners' | 7 | import { jobOfRunnerGetValidator } from '@server/middlewares/validators/runners' |
8 | import { | 8 | import { |
9 | runnerJobGetVideoStudioTaskFileValidator, | 9 | runnerJobGetVideoStudioTaskFileValidator, |
@@ -16,18 +16,21 @@ const lTags = loggerTagsFactory('api', 'runner') | |||
16 | const runnerJobFilesRouter = express.Router() | 16 | const runnerJobFilesRouter = express.Router() |
17 | 17 | ||
18 | runnerJobFilesRouter.post('/jobs/:jobUUID/files/videos/:videoId/max-quality', | 18 | runnerJobFilesRouter.post('/jobs/:jobUUID/files/videos/:videoId/max-quality', |
19 | apiRateLimiter, | ||
19 | asyncMiddleware(jobOfRunnerGetValidator), | 20 | asyncMiddleware(jobOfRunnerGetValidator), |
20 | asyncMiddleware(runnerJobGetVideoTranscodingFileValidator), | 21 | asyncMiddleware(runnerJobGetVideoTranscodingFileValidator), |
21 | asyncMiddleware(getMaxQualityVideoFile) | 22 | asyncMiddleware(getMaxQualityVideoFile) |
22 | ) | 23 | ) |
23 | 24 | ||
24 | runnerJobFilesRouter.post('/jobs/:jobUUID/files/videos/:videoId/previews/max-quality', | 25 | runnerJobFilesRouter.post('/jobs/:jobUUID/files/videos/:videoId/previews/max-quality', |
26 | apiRateLimiter, | ||
25 | asyncMiddleware(jobOfRunnerGetValidator), | 27 | asyncMiddleware(jobOfRunnerGetValidator), |
26 | asyncMiddleware(runnerJobGetVideoTranscodingFileValidator), | 28 | asyncMiddleware(runnerJobGetVideoTranscodingFileValidator), |
27 | getMaxQualityVideoPreview | 29 | getMaxQualityVideoPreview |
28 | ) | 30 | ) |
29 | 31 | ||
30 | runnerJobFilesRouter.post('/jobs/:jobUUID/files/videos/:videoId/studio/task-files/:filename', | 32 | runnerJobFilesRouter.post('/jobs/:jobUUID/files/videos/:videoId/studio/task-files/:filename', |
33 | apiRateLimiter, | ||
31 | asyncMiddleware(jobOfRunnerGetValidator), | 34 | asyncMiddleware(jobOfRunnerGetValidator), |
32 | asyncMiddleware(runnerJobGetVideoTranscodingFileValidator), | 35 | asyncMiddleware(runnerJobGetVideoTranscodingFileValidator), |
33 | runnerJobGetVideoStudioTaskFileValidator, | 36 | runnerJobGetVideoStudioTaskFileValidator, |
diff --git a/server/controllers/api/runners/jobs.ts b/server/controllers/api/runners/jobs.ts index 140f062be..5d687e689 100644 --- a/server/controllers/api/runners/jobs.ts +++ b/server/controllers/api/runners/jobs.ts | |||
@@ -7,6 +7,7 @@ import { MIMETYPES } from '@server/initializers/constants' | |||
7 | import { sequelizeTypescript } from '@server/initializers/database' | 7 | import { sequelizeTypescript } from '@server/initializers/database' |
8 | import { getRunnerJobHandlerClass, updateLastRunnerContact } from '@server/lib/runners' | 8 | import { getRunnerJobHandlerClass, updateLastRunnerContact } from '@server/lib/runners' |
9 | import { | 9 | import { |
10 | apiRateLimiter, | ||
10 | asyncMiddleware, | 11 | asyncMiddleware, |
11 | authenticate, | 12 | authenticate, |
12 | ensureUserHasRight, | 13 | ensureUserHasRight, |
@@ -69,11 +70,13 @@ const runnerJobsRouter = express.Router() | |||
69 | // --------------------------------------------------------------------------- | 70 | // --------------------------------------------------------------------------- |
70 | 71 | ||
71 | runnerJobsRouter.post('/jobs/request', | 72 | runnerJobsRouter.post('/jobs/request', |
73 | apiRateLimiter, | ||
72 | asyncMiddleware(getRunnerFromTokenValidator), | 74 | asyncMiddleware(getRunnerFromTokenValidator), |
73 | asyncMiddleware(requestRunnerJob) | 75 | asyncMiddleware(requestRunnerJob) |
74 | ) | 76 | ) |
75 | 77 | ||
76 | runnerJobsRouter.post('/jobs/:jobUUID/accept', | 78 | runnerJobsRouter.post('/jobs/:jobUUID/accept', |
79 | apiRateLimiter, | ||
77 | asyncMiddleware(runnerJobGetValidator), | 80 | asyncMiddleware(runnerJobGetValidator), |
78 | acceptRunnerJobValidator, | 81 | acceptRunnerJobValidator, |
79 | asyncMiddleware(getRunnerFromTokenValidator), | 82 | asyncMiddleware(getRunnerFromTokenValidator), |
@@ -81,6 +84,7 @@ runnerJobsRouter.post('/jobs/:jobUUID/accept', | |||
81 | ) | 84 | ) |
82 | 85 | ||
83 | runnerJobsRouter.post('/jobs/:jobUUID/abort', | 86 | runnerJobsRouter.post('/jobs/:jobUUID/abort', |
87 | apiRateLimiter, | ||
84 | asyncMiddleware(jobOfRunnerGetValidator), | 88 | asyncMiddleware(jobOfRunnerGetValidator), |
85 | abortRunnerJobValidator, | 89 | abortRunnerJobValidator, |
86 | asyncMiddleware(abortRunnerJob) | 90 | asyncMiddleware(abortRunnerJob) |
@@ -88,6 +92,7 @@ runnerJobsRouter.post('/jobs/:jobUUID/abort', | |||
88 | 92 | ||
89 | runnerJobsRouter.post('/jobs/:jobUUID/update', | 93 | runnerJobsRouter.post('/jobs/:jobUUID/update', |
90 | runnerJobUpdateVideoFiles, | 94 | runnerJobUpdateVideoFiles, |
95 | apiRateLimiter, // Has to be after multer middleware to parse runner token | ||
91 | asyncMiddleware(jobOfRunnerGetValidator), | 96 | asyncMiddleware(jobOfRunnerGetValidator), |
92 | updateRunnerJobValidator, | 97 | updateRunnerJobValidator, |
93 | asyncMiddleware(updateRunnerJobController) | 98 | asyncMiddleware(updateRunnerJobController) |
@@ -101,6 +106,7 @@ runnerJobsRouter.post('/jobs/:jobUUID/error', | |||
101 | 106 | ||
102 | runnerJobsRouter.post('/jobs/:jobUUID/success', | 107 | runnerJobsRouter.post('/jobs/:jobUUID/success', |
103 | postRunnerJobSuccessVideoFiles, | 108 | postRunnerJobSuccessVideoFiles, |
109 | apiRateLimiter, // Has to be after multer middleware to parse runner token | ||
104 | asyncMiddleware(jobOfRunnerGetValidator), | 110 | asyncMiddleware(jobOfRunnerGetValidator), |
105 | successRunnerJobValidator, | 111 | successRunnerJobValidator, |
106 | asyncMiddleware(postRunnerJobSuccess) | 112 | asyncMiddleware(postRunnerJobSuccess) |
diff --git a/server/controllers/api/runners/manage-runners.ts b/server/controllers/api/runners/manage-runners.ts index eb08c4b1d..be7ebc0b3 100644 --- a/server/controllers/api/runners/manage-runners.ts +++ b/server/controllers/api/runners/manage-runners.ts | |||
@@ -2,6 +2,7 @@ import express from 'express' | |||
2 | import { logger, loggerTagsFactory } from '@server/helpers/logger' | 2 | import { logger, loggerTagsFactory } from '@server/helpers/logger' |
3 | import { generateRunnerToken } from '@server/helpers/token-generator' | 3 | import { generateRunnerToken } from '@server/helpers/token-generator' |
4 | import { | 4 | import { |
5 | apiRateLimiter, | ||
5 | asyncMiddleware, | 6 | asyncMiddleware, |
6 | authenticate, | 7 | authenticate, |
7 | ensureUserHasRight, | 8 | ensureUserHasRight, |
@@ -19,15 +20,18 @@ const lTags = loggerTagsFactory('api', 'runner') | |||
19 | const manageRunnersRouter = express.Router() | 20 | const manageRunnersRouter = express.Router() |
20 | 21 | ||
21 | manageRunnersRouter.post('/register', | 22 | manageRunnersRouter.post('/register', |
23 | apiRateLimiter, | ||
22 | asyncMiddleware(registerRunnerValidator), | 24 | asyncMiddleware(registerRunnerValidator), |
23 | asyncMiddleware(registerRunner) | 25 | asyncMiddleware(registerRunner) |
24 | ) | 26 | ) |
25 | manageRunnersRouter.post('/unregister', | 27 | manageRunnersRouter.post('/unregister', |
28 | apiRateLimiter, | ||
26 | asyncMiddleware(getRunnerFromTokenValidator), | 29 | asyncMiddleware(getRunnerFromTokenValidator), |
27 | asyncMiddleware(unregisterRunner) | 30 | asyncMiddleware(unregisterRunner) |
28 | ) | 31 | ) |
29 | 32 | ||
30 | manageRunnersRouter.delete('/:runnerId', | 33 | manageRunnersRouter.delete('/:runnerId', |
34 | apiRateLimiter, | ||
31 | authenticate, | 35 | authenticate, |
32 | ensureUserHasRight(UserRight.MANAGE_RUNNERS), | 36 | ensureUserHasRight(UserRight.MANAGE_RUNNERS), |
33 | asyncMiddleware(deleteRunnerValidator), | 37 | asyncMiddleware(deleteRunnerValidator), |
@@ -35,6 +39,7 @@ manageRunnersRouter.delete('/:runnerId', | |||
35 | ) | 39 | ) |
36 | 40 | ||
37 | manageRunnersRouter.get('/', | 41 | manageRunnersRouter.get('/', |
42 | apiRateLimiter, | ||
38 | authenticate, | 43 | authenticate, |
39 | ensureUserHasRight(UserRight.MANAGE_RUNNERS), | 44 | ensureUserHasRight(UserRight.MANAGE_RUNNERS), |
40 | paginationValidator, | 45 | paginationValidator, |
diff --git a/server/controllers/api/runners/registration-tokens.ts b/server/controllers/api/runners/registration-tokens.ts index 5ac3773fe..117ff271b 100644 --- a/server/controllers/api/runners/registration-tokens.ts +++ b/server/controllers/api/runners/registration-tokens.ts | |||
@@ -1,6 +1,8 @@ | |||
1 | import express from 'express' | 1 | import express from 'express' |
2 | import { logger, loggerTagsFactory } from '@server/helpers/logger' | ||
2 | import { generateRunnerRegistrationToken } from '@server/helpers/token-generator' | 3 | import { generateRunnerRegistrationToken } from '@server/helpers/token-generator' |
3 | import { | 4 | import { |
5 | apiRateLimiter, | ||
4 | asyncMiddleware, | 6 | asyncMiddleware, |
5 | authenticate, | 7 | authenticate, |
6 | ensureUserHasRight, | 8 | ensureUserHasRight, |
@@ -12,19 +14,20 @@ import { | |||
12 | import { deleteRegistrationTokenValidator } from '@server/middlewares/validators/runners' | 14 | import { deleteRegistrationTokenValidator } from '@server/middlewares/validators/runners' |
13 | import { RunnerRegistrationTokenModel } from '@server/models/runner/runner-registration-token' | 15 | import { RunnerRegistrationTokenModel } from '@server/models/runner/runner-registration-token' |
14 | import { HttpStatusCode, ListRunnerRegistrationTokensQuery, UserRight } from '@shared/models' | 16 | import { HttpStatusCode, ListRunnerRegistrationTokensQuery, UserRight } from '@shared/models' |
15 | import { logger, loggerTagsFactory } from '@server/helpers/logger' | ||
16 | 17 | ||
17 | const lTags = loggerTagsFactory('api', 'runner') | 18 | const lTags = loggerTagsFactory('api', 'runner') |
18 | 19 | ||
19 | const runnerRegistrationTokensRouter = express.Router() | 20 | const runnerRegistrationTokensRouter = express.Router() |
20 | 21 | ||
21 | runnerRegistrationTokensRouter.post('/registration-tokens/generate', | 22 | runnerRegistrationTokensRouter.post('/registration-tokens/generate', |
23 | apiRateLimiter, | ||
22 | authenticate, | 24 | authenticate, |
23 | ensureUserHasRight(UserRight.MANAGE_RUNNERS), | 25 | ensureUserHasRight(UserRight.MANAGE_RUNNERS), |
24 | asyncMiddleware(generateRegistrationToken) | 26 | asyncMiddleware(generateRegistrationToken) |
25 | ) | 27 | ) |
26 | 28 | ||
27 | runnerRegistrationTokensRouter.delete('/registration-tokens/:id', | 29 | runnerRegistrationTokensRouter.delete('/registration-tokens/:id', |
30 | apiRateLimiter, | ||
28 | authenticate, | 31 | authenticate, |
29 | ensureUserHasRight(UserRight.MANAGE_RUNNERS), | 32 | ensureUserHasRight(UserRight.MANAGE_RUNNERS), |
30 | asyncMiddleware(deleteRegistrationTokenValidator), | 33 | asyncMiddleware(deleteRegistrationTokenValidator), |
@@ -32,6 +35,7 @@ runnerRegistrationTokensRouter.delete('/registration-tokens/:id', | |||
32 | ) | 35 | ) |
33 | 36 | ||
34 | runnerRegistrationTokensRouter.get('/registration-tokens', | 37 | runnerRegistrationTokensRouter.get('/registration-tokens', |
38 | apiRateLimiter, | ||
35 | authenticate, | 39 | authenticate, |
36 | ensureUserHasRight(UserRight.MANAGE_RUNNERS), | 40 | ensureUserHasRight(UserRight.MANAGE_RUNNERS), |
37 | paginationValidator, | 41 | paginationValidator, |
diff --git a/server/controllers/api/search/index.ts b/server/controllers/api/search/index.ts index 39efc0b10..4d395161c 100644 --- a/server/controllers/api/search/index.ts +++ b/server/controllers/api/search/index.ts | |||
@@ -1,10 +1,13 @@ | |||
1 | import express from 'express' | 1 | import express from 'express' |
2 | import { apiRateLimiter } from '@server/middlewares' | ||
2 | import { searchChannelsRouter } from './search-video-channels' | 3 | import { searchChannelsRouter } from './search-video-channels' |
3 | import { searchPlaylistsRouter } from './search-video-playlists' | 4 | import { searchPlaylistsRouter } from './search-video-playlists' |
4 | import { searchVideosRouter } from './search-videos' | 5 | import { searchVideosRouter } from './search-videos' |
5 | 6 | ||
6 | const searchRouter = express.Router() | 7 | const searchRouter = express.Router() |
7 | 8 | ||
9 | searchRouter.use(apiRateLimiter) | ||
10 | |||
8 | searchRouter.use('/', searchVideosRouter) | 11 | searchRouter.use('/', searchVideosRouter) |
9 | searchRouter.use('/', searchChannelsRouter) | 12 | searchRouter.use('/', searchChannelsRouter) |
10 | searchRouter.use('/', searchPlaylistsRouter) | 13 | searchRouter.use('/', searchPlaylistsRouter) |
diff --git a/server/controllers/api/server/index.ts b/server/controllers/api/server/index.ts index b20718d09..57f7d601c 100644 --- a/server/controllers/api/server/index.ts +++ b/server/controllers/api/server/index.ts | |||
@@ -1,4 +1,5 @@ | |||
1 | import express from 'express' | 1 | import express from 'express' |
2 | import { apiRateLimiter } from '@server/middlewares' | ||
2 | import { contactRouter } from './contact' | 3 | import { contactRouter } from './contact' |
3 | import { debugRouter } from './debug' | 4 | import { debugRouter } from './debug' |
4 | import { serverFollowsRouter } from './follows' | 5 | import { serverFollowsRouter } from './follows' |
@@ -9,6 +10,8 @@ import { statsRouter } from './stats' | |||
9 | 10 | ||
10 | const serverRouter = express.Router() | 11 | const serverRouter = express.Router() |
11 | 12 | ||
13 | serverRouter.use(apiRateLimiter) | ||
14 | |||
12 | serverRouter.use('/', serverFollowsRouter) | 15 | serverRouter.use('/', serverFollowsRouter) |
13 | serverRouter.use('/', serverRedundancyRouter) | 16 | serverRouter.use('/', serverRedundancyRouter) |
14 | serverRouter.use('/', statsRouter) | 17 | serverRouter.use('/', statsRouter) |
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts index 96366d68c..5eac6fd0f 100644 --- a/server/controllers/api/users/index.ts +++ b/server/controllers/api/users/index.ts | |||
@@ -15,6 +15,7 @@ import { Redis } from '../../../lib/redis' | |||
15 | import { buildUser, createUserAccountAndChannelAndPlaylist } from '../../../lib/user' | 15 | import { buildUser, createUserAccountAndChannelAndPlaylist } from '../../../lib/user' |
16 | import { | 16 | import { |
17 | adminUsersSortValidator, | 17 | adminUsersSortValidator, |
18 | apiRateLimiter, | ||
18 | asyncMiddleware, | 19 | asyncMiddleware, |
19 | asyncRetryTransactionMiddleware, | 20 | asyncRetryTransactionMiddleware, |
20 | authenticate, | 21 | authenticate, |
@@ -50,6 +51,9 @@ import { twoFactorRouter } from './two-factor' | |||
50 | const auditLogger = auditLoggerFactory('users') | 51 | const auditLogger = auditLoggerFactory('users') |
51 | 52 | ||
52 | const usersRouter = express.Router() | 53 | const usersRouter = express.Router() |
54 | |||
55 | usersRouter.use(apiRateLimiter) | ||
56 | |||
53 | usersRouter.use('/', emailVerificationRouter) | 57 | usersRouter.use('/', emailVerificationRouter) |
54 | usersRouter.use('/', registrationsRouter) | 58 | usersRouter.use('/', registrationsRouter) |
55 | usersRouter.use('/', twoFactorRouter) | 59 | usersRouter.use('/', twoFactorRouter) |
diff --git a/server/controllers/api/video-channel-sync.ts b/server/controllers/api/video-channel-sync.ts index 03c54b59c..6b52ac7dd 100644 --- a/server/controllers/api/video-channel-sync.ts +++ b/server/controllers/api/video-channel-sync.ts | |||
@@ -2,6 +2,7 @@ import express from 'express' | |||
2 | import { auditLoggerFactory, getAuditIdFromRes, VideoChannelSyncAuditView } from '@server/helpers/audit-logger' | 2 | import { auditLoggerFactory, getAuditIdFromRes, VideoChannelSyncAuditView } from '@server/helpers/audit-logger' |
3 | import { logger } from '@server/helpers/logger' | 3 | import { logger } from '@server/helpers/logger' |
4 | import { | 4 | import { |
5 | apiRateLimiter, | ||
5 | asyncMiddleware, | 6 | asyncMiddleware, |
6 | asyncRetryTransactionMiddleware, | 7 | asyncRetryTransactionMiddleware, |
7 | authenticate, | 8 | authenticate, |
@@ -17,6 +18,8 @@ import { HttpStatusCode, VideoChannelSyncState } from '@shared/models' | |||
17 | const videoChannelSyncRouter = express.Router() | 18 | const videoChannelSyncRouter = express.Router() |
18 | const auditLogger = auditLoggerFactory('channel-syncs') | 19 | const auditLogger = auditLoggerFactory('channel-syncs') |
19 | 20 | ||
21 | videoChannelSyncRouter.use(apiRateLimiter) | ||
22 | |||
20 | videoChannelSyncRouter.post('/', | 23 | videoChannelSyncRouter.post('/', |
21 | authenticate, | 24 | authenticate, |
22 | ensureSyncIsEnabled, | 25 | ensureSyncIsEnabled, |
diff --git a/server/controllers/api/video-channel.ts b/server/controllers/api/video-channel.ts index c6d144f79..cdafa31dc 100644 --- a/server/controllers/api/video-channel.ts +++ b/server/controllers/api/video-channel.ts | |||
@@ -19,6 +19,7 @@ import { JobQueue } from '../../lib/job-queue' | |||
19 | import { deleteLocalActorImageFile, updateLocalActorImageFiles } from '../../lib/local-actor' | 19 | import { deleteLocalActorImageFile, updateLocalActorImageFiles } from '../../lib/local-actor' |
20 | import { createLocalVideoChannel, federateAllVideosOfChannel } from '../../lib/video-channel' | 20 | import { createLocalVideoChannel, federateAllVideosOfChannel } from '../../lib/video-channel' |
21 | import { | 21 | import { |
22 | apiRateLimiter, | ||
22 | asyncMiddleware, | 23 | asyncMiddleware, |
23 | asyncRetryTransactionMiddleware, | 24 | asyncRetryTransactionMiddleware, |
24 | authenticate, | 25 | authenticate, |
@@ -57,6 +58,8 @@ const reqBannerFile = createReqFiles([ 'bannerfile' ], MIMETYPES.IMAGE.MIMETYPE_ | |||
57 | 58 | ||
58 | const videoChannelRouter = express.Router() | 59 | const videoChannelRouter = express.Router() |
59 | 60 | ||
61 | videoChannelRouter.use(apiRateLimiter) | ||
62 | |||
60 | videoChannelRouter.get('/', | 63 | videoChannelRouter.get('/', |
61 | paginationValidator, | 64 | paginationValidator, |
62 | videoChannelsSortValidator, | 65 | videoChannelsSortValidator, |
diff --git a/server/controllers/api/video-playlist.ts b/server/controllers/api/video-playlist.ts index de32dec88..fe00034ed 100644 --- a/server/controllers/api/video-playlist.ts +++ b/server/controllers/api/video-playlist.ts | |||
@@ -25,6 +25,7 @@ import { sendCreateVideoPlaylist, sendDeleteVideoPlaylist, sendUpdateVideoPlayli | |||
25 | import { getLocalVideoPlaylistActivityPubUrl, getLocalVideoPlaylistElementActivityPubUrl } from '../../lib/activitypub/url' | 25 | import { getLocalVideoPlaylistActivityPubUrl, getLocalVideoPlaylistElementActivityPubUrl } from '../../lib/activitypub/url' |
26 | import { updatePlaylistMiniatureFromExisting } from '../../lib/thumbnail' | 26 | import { updatePlaylistMiniatureFromExisting } from '../../lib/thumbnail' |
27 | import { | 27 | import { |
28 | apiRateLimiter, | ||
28 | asyncMiddleware, | 29 | asyncMiddleware, |
29 | asyncRetryTransactionMiddleware, | 30 | asyncRetryTransactionMiddleware, |
30 | authenticate, | 31 | authenticate, |
@@ -52,6 +53,8 @@ const reqThumbnailFile = createReqFiles([ 'thumbnailfile' ], MIMETYPES.IMAGE.MIM | |||
52 | 53 | ||
53 | const videoPlaylistRouter = express.Router() | 54 | const videoPlaylistRouter = express.Router() |
54 | 55 | ||
56 | videoPlaylistRouter.use(apiRateLimiter) | ||
57 | |||
55 | videoPlaylistRouter.get('/privacies', listVideoPlaylistPrivacies) | 58 | videoPlaylistRouter.get('/privacies', listVideoPlaylistPrivacies) |
56 | 59 | ||
57 | videoPlaylistRouter.get('/', | 60 | videoPlaylistRouter.get('/', |
diff --git a/server/controllers/api/videos/index.ts b/server/controllers/api/videos/index.ts index 41992155d..a34325e79 100644 --- a/server/controllers/api/videos/index.ts +++ b/server/controllers/api/videos/index.ts | |||
@@ -15,6 +15,7 @@ import { sequelizeTypescript } from '../../../initializers/database' | |||
15 | import { JobQueue } from '../../../lib/job-queue' | 15 | import { JobQueue } from '../../../lib/job-queue' |
16 | import { Hooks } from '../../../lib/plugins/hooks' | 16 | import { Hooks } from '../../../lib/plugins/hooks' |
17 | import { | 17 | import { |
18 | apiRateLimiter, | ||
18 | asyncMiddleware, | 19 | asyncMiddleware, |
19 | asyncRetryTransactionMiddleware, | 20 | asyncRetryTransactionMiddleware, |
20 | authenticate, | 21 | authenticate, |
@@ -50,6 +51,8 @@ import { viewRouter } from './view' | |||
50 | const auditLogger = auditLoggerFactory('videos') | 51 | const auditLogger = auditLoggerFactory('videos') |
51 | const videosRouter = express.Router() | 52 | const videosRouter = express.Router() |
52 | 53 | ||
54 | videosRouter.use(apiRateLimiter) | ||
55 | |||
53 | videosRouter.use('/', blacklistRouter) | 56 | videosRouter.use('/', blacklistRouter) |
54 | videosRouter.use('/', statsRouter) | 57 | videosRouter.use('/', statsRouter) |
55 | videosRouter.use('/', rateVideoRouter) | 58 | videosRouter.use('/', rateVideoRouter) |
diff --git a/server/middlewares/rate-limiter.ts b/server/middlewares/rate-limiter.ts index 0e936028c..8257965dd 100644 --- a/server/middlewares/rate-limiter.ts +++ b/server/middlewares/rate-limiter.ts | |||
@@ -1,5 +1,6 @@ | |||
1 | import express from 'express' | 1 | import express from 'express' |
2 | import RateLimit, { Options as RateLimitHandlerOptions } from 'express-rate-limit' | 2 | import RateLimit, { Options as RateLimitHandlerOptions } from 'express-rate-limit' |
3 | import { CONFIG } from '@server/initializers/config' | ||
3 | import { RunnerModel } from '@server/models/runner/runner' | 4 | import { RunnerModel } from '@server/models/runner/runner' |
4 | import { UserRole } from '@shared/models' | 5 | import { UserRole } from '@shared/models' |
5 | import { optionalAuthenticate } from './auth' | 6 | import { optionalAuthenticate } from './auth' |
@@ -39,6 +40,11 @@ export function buildRateLimiter (options: { | |||
39 | }) | 40 | }) |
40 | } | 41 | } |
41 | 42 | ||
43 | export const apiRateLimiter = buildRateLimiter({ | ||
44 | windowMs: CONFIG.RATES_LIMIT.API.WINDOW_MS, | ||
45 | max: CONFIG.RATES_LIMIT.API.MAX | ||
46 | }) | ||
47 | |||
42 | // --------------------------------------------------------------------------- | 48 | // --------------------------------------------------------------------------- |
43 | // Private | 49 | // Private |
44 | // --------------------------------------------------------------------------- | 50 | // --------------------------------------------------------------------------- |
diff --git a/server/tests/api/runners/runner-common.ts b/server/tests/api/runners/runner-common.ts index 554024190..34a51abe7 100644 --- a/server/tests/api/runners/runner-common.ts +++ b/server/tests/api/runners/runner-common.ts | |||
@@ -14,7 +14,6 @@ import { | |||
14 | import { | 14 | import { |
15 | cleanupTests, | 15 | cleanupTests, |
16 | createSingleServer, | 16 | createSingleServer, |
17 | makePostBodyRequest, | ||
18 | PeerTubeServer, | 17 | PeerTubeServer, |
19 | setAccessTokensToServers, | 18 | setAccessTokensToServers, |
20 | setDefaultVideoChannel, | 19 | setDefaultVideoChannel, |
@@ -641,24 +640,47 @@ describe('Test runner common actions', function () { | |||
641 | }) | 640 | }) |
642 | }) | 641 | }) |
643 | 642 | ||
644 | it('Should rate limit an unknown runner', async function () { | 643 | it('Should rate limit an unknown runner, but not a registered one', async function () { |
645 | const path = '/api/v1/ping' | 644 | this.timeout(60000) |
646 | const fields = { runnerToken: 'toto' } | 645 | |
646 | await server.videos.quickUpload({ name: 'video' }) | ||
647 | await waitJobs([ server ]) | ||
648 | |||
649 | const { job } = await server.runnerJobs.autoAccept({ runnerToken }) | ||
647 | 650 | ||
648 | for (let i = 0; i < 20; i++) { | 651 | for (let i = 0; i < 20; i++) { |
649 | try { | 652 | try { |
650 | await makePostBodyRequest({ url: server.url, path, fields, expectedStatus: HttpStatusCode.OK_200 }) | 653 | await server.runnerJobs.request({ runnerToken }) |
654 | await server.runnerJobs.update({ runnerToken, jobToken: job.jobToken, jobUUID: job.uuid }) | ||
651 | } catch {} | 655 | } catch {} |
652 | } | 656 | } |
653 | 657 | ||
654 | await makePostBodyRequest({ url: server.url, path, fields, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 }) | 658 | // Invalid |
655 | }) | 659 | { |
660 | await server.runnerJobs.request({ runnerToken: 'toto', expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 }) | ||
661 | await server.runnerJobs.update({ | ||
662 | runnerToken: 'toto', | ||
663 | jobToken: job.jobToken, | ||
664 | jobUUID: job.uuid, | ||
665 | expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 | ||
666 | }) | ||
667 | } | ||
656 | 668 | ||
657 | it('Should not rate limit a registered runner', async function () { | 669 | // Not provided |
658 | const path = '/api/v1/ping' | 670 | { |
671 | await server.runnerJobs.request({ runnerToken: undefined, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 }) | ||
672 | await server.runnerJobs.update({ | ||
673 | runnerToken: undefined, | ||
674 | jobToken: job.jobToken, | ||
675 | jobUUID: job.uuid, | ||
676 | expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 | ||
677 | }) | ||
678 | } | ||
659 | 679 | ||
660 | for (let i = 0; i < 20; i++) { | 680 | // Registered |
661 | await makePostBodyRequest({ url: server.url, path, fields: { runnerToken }, expectedStatus: HttpStatusCode.OK_200 }) | 681 | { |
682 | await server.runnerJobs.request({ runnerToken }) | ||
683 | await server.runnerJobs.update({ runnerToken, jobToken: job.jobToken, jobUUID: job.uuid }) | ||
662 | } | 684 | } |
663 | }) | 685 | }) |
664 | }) | 686 | }) |