Fix runner api rate limit bypass

author: Chocobozzz <me@florianbigard.com> 2023-06-20 14:17:34 +0200
committer: Chocobozzz <me@florianbigard.com> 2023-06-20 14:17:34 +0200
commit: e915cde30ec47258a2beeec5ca748c928b59858c (patch)
tree: f5692ab20c534a61487f3bd471bb6105ed58d88a /server/middlewares/rate-limiter.ts
parent: 923e41fa4f342019298b46e407ea1f0207f74205 (diff)
download: PeerTube-e915cde30ec47258a2beeec5ca748c928b59858c.tar.gz
PeerTube-e915cde30ec47258a2beeec5ca748c928b59858c.tar.zst
PeerTube-e915cde30ec47258a2beeec5ca748c928b59858c.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/server/middlewares/rate-limiter.ts b/server/middlewares/rate-limiter.ts
index 0e936028c..8257965dd 100644
--- a/server/middlewares/rate-limiter.ts
+++ b/server/middlewares/rate-limiter.ts
@@ -1,5 +1,6 @@
 import express from 'express'
 import RateLimit, { Options as RateLimitHandlerOptions } from 'express-rate-limit'
+import { CONFIG } from '@server/initializers/config'
 import { RunnerModel } from '@server/models/runner/runner'
 import { UserRole } from '@shared/models'
 import { optionalAuthenticate } from './auth'
@@ -39,6 +40,11 @@ export function buildRateLimiter (options: {
  })
 }
+export const apiRateLimiter = buildRateLimiter({
+  windowMs: CONFIG.RATES_LIMIT.API.WINDOW_MS,
+  max: CONFIG.RATES_LIMIT.API.MAX
+})
 // ---------------------------------------------------------------------------
 // Private
 // ---------------------------------------------------------------------------
author	Chocobozzz <me@florianbigard.com>	2023-06-20 14:17:34 +0200
committer	Chocobozzz <me@florianbigard.com>	2023-06-20 14:17:34 +0200
commit	e915cde30ec47258a2beeec5ca748c928b59858c (patch)
tree	f5692ab20c534a61487f3bd471bb6105ed58d88a /server/middlewares/rate-limiter.ts
parent	923e41fa4f342019298b46e407ea1f0207f74205 (diff)
download	PeerTube-e915cde30ec47258a2beeec5ca748c928b59858c.tar.gz PeerTube-e915cde30ec47258a2beeec5ca748c928b59858c.tar.zst PeerTube-e915cde30ec47258a2beeec5ca748c928b59858c.zip