Fix runner api rate limit bypass

author: Chocobozzz <me@florianbigard.com> 2023-06-20 14:17:34 +0200
committer: Chocobozzz <me@florianbigard.com> 2023-06-20 14:17:34 +0200
commit: e915cde30ec47258a2beeec5ca748c928b59858c (patch)
tree: f5692ab20c534a61487f3bd471bb6105ed58d88a /server/controllers/api/index.ts
parent: 923e41fa4f342019298b46e407ea1f0207f74205 (diff)
download: PeerTube-e915cde30ec47258a2beeec5ca748c928b59858c.tar.gz
PeerTube-e915cde30ec47258a2beeec5ca748c928b59858c.tar.zst
PeerTube-e915cde30ec47258a2beeec5ca748c928b59858c.zip
1 files changed, 3 insertions, 8 deletions
diff --git a/server/controllers/api/index.ts b/server/controllers/api/index.ts
index 646f9597e..31f1a56f9 100644
--- a/server/controllers/api/index.ts
+++ b/server/controllers/api/index.ts
@@ -1,9 +1,8 @@
 import cors from 'cors'
 import express from 'express'
-import { buildRateLimiter } from '@server/middlewares'
 import { HttpStatusCode } from '../../../shared/models'
 import { badRequest } from '../../helpers/express-utils'
-import { CONFIG } from '../../initializers/config'
 import { abuseRouter } from './abuse'
 import { accountsRouter } from './accounts'
 import { blocklistRouter } from './blocklist'
@@ -32,12 +31,6 @@ apiRouter.use(cors({
  credentials: true
 }))
-const apiRateLimiter = buildRateLimiter({
-  windowMs: CONFIG.RATES_LIMIT.API.WINDOW_MS,
-  max: CONFIG.RATES_LIMIT.API.MAX
-})
-apiRouter.use(apiRateLimiter)
 apiRouter.use('/server', serverRouter)
 apiRouter.use('/abuses', abuseRouter)
 apiRouter.use('/bulk', bulkRouter)
@@ -57,6 +50,8 @@ apiRouter.use('/plugins', pluginRouter)
 apiRouter.use('/custom-pages', customPageRouter)
 apiRouter.use('/blocklist', blocklistRouter)
 apiRouter.use('/runners', runnersRouter)
+// apiRouter.use(apiRateLimiter)
 apiRouter.use('/ping', pong)
 apiRouter.use('/*', badRequest)
author	Chocobozzz <me@florianbigard.com>	2023-06-20 14:17:34 +0200
committer	Chocobozzz <me@florianbigard.com>	2023-06-20 14:17:34 +0200
commit	e915cde30ec47258a2beeec5ca748c928b59858c (patch)
tree	f5692ab20c534a61487f3bd471bb6105ed58d88a /server/controllers/api/index.ts
parent	923e41fa4f342019298b46e407ea1f0207f74205 (diff)
download	PeerTube-e915cde30ec47258a2beeec5ca748c928b59858c.tar.gz PeerTube-e915cde30ec47258a2beeec5ca748c928b59858c.tar.zst PeerTube-e915cde30ec47258a2beeec5ca748c928b59858c.zip

diff --git a/server/controllers/api/index.ts b/server/controllers/api/index.ts index 646f9597e..31f1a56f9 100644 --- a/server/controllers/api/index.ts +++ b/server/controllers/api/index.ts
@@ -1,9 +1,8 @@
1	import cors from 'cors'	1	import cors from 'cors'
2	import express from 'express'	2	import express from 'express'
3	import { buildRateLimiter } from '@server/middlewares'	3
4	import { HttpStatusCode } from '../../../shared/models'	4	import { HttpStatusCode } from '../../../shared/models'
5	import { badRequest } from '../../helpers/express-utils'	5	import { badRequest } from '../../helpers/express-utils'
6	import { CONFIG } from '../../initializers/config'
7	import { abuseRouter } from './abuse'	6	import { abuseRouter } from './abuse'
8	import { accountsRouter } from './accounts'	7	import { accountsRouter } from './accounts'
9	import { blocklistRouter } from './blocklist'	8	import { blocklistRouter } from './blocklist'
@@ -32,12 +31,6 @@ apiRouter.use(cors({
32	credentials: true	31	credentials: true
33	}))	32	}))
34		33
35	const apiRateLimiter = buildRateLimiter({
36	windowMs: CONFIG.RATES_LIMIT.API.WINDOW_MS,
37	max: CONFIG.RATES_LIMIT.API.MAX
38	})
39	apiRouter.use(apiRateLimiter)
40
41	apiRouter.use('/server', serverRouter)	34	apiRouter.use('/server', serverRouter)
42	apiRouter.use('/abuses', abuseRouter)	35	apiRouter.use('/abuses', abuseRouter)
43	apiRouter.use('/bulk', bulkRouter)	36	apiRouter.use('/bulk', bulkRouter)
@@ -57,6 +50,8 @@ apiRouter.use('/plugins', pluginRouter)
57	apiRouter.use('/custom-pages', customPageRouter)	50	apiRouter.use('/custom-pages', customPageRouter)
58	apiRouter.use('/blocklist', blocklistRouter)	51	apiRouter.use('/blocklist', blocklistRouter)
59	apiRouter.use('/runners', runnersRouter)	52	apiRouter.use('/runners', runnersRouter)
		53
		54	// apiRouter.use(apiRateLimiter)
60	apiRouter.use('/ping', pong)	55	apiRouter.use('/ping', pong)
61	apiRouter.use('/*', badRequest)	56	apiRouter.use('/*', badRequest)
62		57