1 files changed, 40 insertions, 11 deletions
diff --git a/server/controllers/client.ts b/server/controllers/client.ts
index a85c10720..2d0c49904 100644
--- a/server/controllers/client.ts
+++ b/server/controllers/client.ts
@@ -5,27 +5,53 @@ import { join } from 'path'
 import { logger } from '@server/helpers/logger'
 import { CONFIG } from '@server/initializers/config'
 import { Hooks } from '@server/lib/plugins/hooks'
+import { root } from '@shared/core-utils'
 import { buildFileLocale, getCompleteLocale, is18nLocale, LOCALE_FILES } from '@shared/core-utils/i18n'
 import { HttpStatusCode } from '@shared/models'
-import { root } from '@shared/core-utils'
 import { STATIC_MAX_AGE } from '../initializers/constants'
 import { ClientHtml, sendHTML, serveIndexHTML } from '../lib/client-html'
-import { asyncMiddleware, embedCSP } from '../middlewares'
+import { asyncMiddleware, buildRateLimiter, embedCSP } from '../middlewares'
 const clientsRouter = express.Router()
+const clientsRateLimiter = buildRateLimiter({
+  windowMs: CONFIG.RATES_LIMIT.CLIENT.WINDOW_MS,
+  max: CONFIG.RATES_LIMIT.CLIENT.MAX
+})
 const distPath = join(root(), 'client', 'dist')
 const testEmbedPath = join(distPath, 'standalone', 'videos', 'test-embed.html')
 // Special route that add OpenGraph and oEmbed tags
 // Do not use a template engine for a so little thing
-clientsRouter.use([ '/w/p/:id', '/videos/watch/playlist/:id' ], asyncMiddleware(generateWatchPlaylistHtmlPage))
+clientsRouter.use([ '/w/p/:id', '/videos/watch/playlist/:id' ],
-clientsRouter.use([ '/w/:id', '/videos/watch/:id' ], asyncMiddleware(generateWatchHtmlPage))
+  clientsRateLimiter,
-clientsRouter.use([ '/accounts/:nameWithHost', '/a/:nameWithHost' ], asyncMiddleware(generateAccountHtmlPage))
+  asyncMiddleware(generateWatchPlaylistHtmlPage)
-clientsRouter.use([ '/video-channels/:nameWithHost', '/c/:nameWithHost' ], asyncMiddleware(generateVideoChannelHtmlPage))
+)
-clientsRouter.use('/@:nameWithHost', asyncMiddleware(generateActorHtmlPage))
+clientsRouter.use([ '/w/:id', '/videos/watch/:id' ],
+  clientsRateLimiter,
+  asyncMiddleware(generateWatchHtmlPage)
+)
+clientsRouter.use([ '/accounts/:nameWithHost', '/a/:nameWithHost' ],
+  clientsRateLimiter,
+  asyncMiddleware(generateAccountHtmlPage)
+)
+clientsRouter.use([ '/video-channels/:nameWithHost', '/c/:nameWithHost' ],
+  clientsRateLimiter,
+  asyncMiddleware(generateVideoChannelHtmlPage)
+)
+clientsRouter.use('/@:nameWithHost',
+  clientsRateLimiter,
+  asyncMiddleware(generateActorHtmlPage)
+)
 const embedMiddlewares = [
+  clientsRateLimiter,
  CONFIG.CSP.ENABLED
    ? embedCSP
    : (req: express.Request, res: express.Response, next: express.NextFunction) => next(),
@@ -48,11 +74,11 @@ clientsRouter.use('/video-playlists/embed', ...embedMiddlewares)
 const testEmbedController = (req: express.Request, res: express.Response) => res.sendFile(testEmbedPath)
-clientsRouter.use('/videos/test-embed', testEmbedController)
+clientsRouter.use('/videos/test-embed', clientsRateLimiter, testEmbedController)
-clientsRouter.use('/video-playlists/test-embed', testEmbedController)
+clientsRouter.use('/video-playlists/test-embed', clientsRateLimiter, testEmbedController)
 // Dynamic PWA manifest
-clientsRouter.get('/manifest.webmanifest', asyncMiddleware(generateManifest))
+clientsRouter.get('/manifest.webmanifest', clientsRateLimiter, asyncMiddleware(generateManifest))
 // Static client overrides
 // Must be consistent with static client overrides redirections in /support/nginx/peertube
@@ -88,7 +114,10 @@ clientsRouter.use('/client/*', (req: express.Request, res: express.Response) =>
 // Always serve index client page (the client is a single page application, let it handle routing)
 // Try to provide the right language index.html
-clientsRouter.use('/(:language)?', asyncMiddleware(serveIndexHTML))
+clientsRouter.use('/(:language)?',
+  clientsRateLimiter,
+  asyncMiddleware(serveIndexHTML)
+)
 // ---------------------------------------------------------------------------

diff --git a/server/controllers/client.ts b/server/controllers/client.ts index a85c10720..2d0c49904 100644 --- a/server/controllers/client.ts +++ b/server/controllers/client.ts
@@ -5,27 +5,53 @@ import { join } from 'path'
5	import { logger } from '@server/helpers/logger'	5	import { logger } from '@server/helpers/logger'
6	import { CONFIG } from '@server/initializers/config'	6	import { CONFIG } from '@server/initializers/config'
7	import { Hooks } from '@server/lib/plugins/hooks'	7	import { Hooks } from '@server/lib/plugins/hooks'
		8	import { root } from '@shared/core-utils'
8	import { buildFileLocale, getCompleteLocale, is18nLocale, LOCALE_FILES } from '@shared/core-utils/i18n'	9	import { buildFileLocale, getCompleteLocale, is18nLocale, LOCALE_FILES } from '@shared/core-utils/i18n'
9	import { HttpStatusCode } from '@shared/models'	10	import { HttpStatusCode } from '@shared/models'
10	import { root } from '@shared/core-utils'
11	import { STATIC_MAX_AGE } from '../initializers/constants'	11	import { STATIC_MAX_AGE } from '../initializers/constants'
12	import { ClientHtml, sendHTML, serveIndexHTML } from '../lib/client-html'	12	import { ClientHtml, sendHTML, serveIndexHTML } from '../lib/client-html'
13	import { asyncMiddleware, embedCSP } from '../middlewares'	13	import { asyncMiddleware, buildRateLimiter, embedCSP } from '../middlewares'
14		14
15	const clientsRouter = express.Router()	15	const clientsRouter = express.Router()
16		16
		17	const clientsRateLimiter = buildRateLimiter({
		18	windowMs: CONFIG.RATES_LIMIT.CLIENT.WINDOW_MS,
		19	max: CONFIG.RATES_LIMIT.CLIENT.MAX
		20	})
		21
17	const distPath = join(root(), 'client', 'dist')	22	const distPath = join(root(), 'client', 'dist')
18	const testEmbedPath = join(distPath, 'standalone', 'videos', 'test-embed.html')	23	const testEmbedPath = join(distPath, 'standalone', 'videos', 'test-embed.html')
19		24
20	// Special route that add OpenGraph and oEmbed tags	25	// Special route that add OpenGraph and oEmbed tags
21	// Do not use a template engine for a so little thing	26	// Do not use a template engine for a so little thing
22	clientsRouter.use([ '/w/p/:id', '/videos/watch/playlist/:id' ], asyncMiddleware(generateWatchPlaylistHtmlPage))	27	clientsRouter.use([ '/w/p/:id', '/videos/watch/playlist/:id' ],
23	clientsRouter.use([ '/w/:id', '/videos/watch/:id' ], asyncMiddleware(generateWatchHtmlPage))	28	clientsRateLimiter,
24	clientsRouter.use([ '/accounts/:nameWithHost', '/a/:nameWithHost' ], asyncMiddleware(generateAccountHtmlPage))	29	asyncMiddleware(generateWatchPlaylistHtmlPage)
25	clientsRouter.use([ '/video-channels/:nameWithHost', '/c/:nameWithHost' ], asyncMiddleware(generateVideoChannelHtmlPage))	30	)
26	clientsRouter.use('/@:nameWithHost', asyncMiddleware(generateActorHtmlPage))	31
		32	clientsRouter.use([ '/w/:id', '/videos/watch/:id' ],
		33	clientsRateLimiter,
		34	asyncMiddleware(generateWatchHtmlPage)
		35	)
		36
		37	clientsRouter.use([ '/accounts/:nameWithHost', '/a/:nameWithHost' ],
		38	clientsRateLimiter,
		39	asyncMiddleware(generateAccountHtmlPage)
		40	)
		41
		42	clientsRouter.use([ '/video-channels/:nameWithHost', '/c/:nameWithHost' ],
		43	clientsRateLimiter,
		44	asyncMiddleware(generateVideoChannelHtmlPage)
		45	)
		46
		47	clientsRouter.use('/@:nameWithHost',
		48	clientsRateLimiter,
		49	asyncMiddleware(generateActorHtmlPage)
		50	)
27		51
28	const embedMiddlewares = [	52	const embedMiddlewares = [
		53	clientsRateLimiter,
		54
29	CONFIG.CSP.ENABLED	55	CONFIG.CSP.ENABLED
30	? embedCSP	56	? embedCSP
31	: (req: express.Request, res: express.Response, next: express.NextFunction) => next(),	57	: (req: express.Request, res: express.Response, next: express.NextFunction) => next(),
@@ -48,11 +74,11 @@ clientsRouter.use('/video-playlists/embed', ...embedMiddlewares)
48		74
49	const testEmbedController = (req: express.Request, res: express.Response) => res.sendFile(testEmbedPath)	75	const testEmbedController = (req: express.Request, res: express.Response) => res.sendFile(testEmbedPath)
50		76
51	clientsRouter.use('/videos/test-embed', testEmbedController)	77	clientsRouter.use('/videos/test-embed', clientsRateLimiter, testEmbedController)
52	clientsRouter.use('/video-playlists/test-embed', testEmbedController)	78	clientsRouter.use('/video-playlists/test-embed', clientsRateLimiter, testEmbedController)
53		79
54	// Dynamic PWA manifest	80	// Dynamic PWA manifest
55	clientsRouter.get('/manifest.webmanifest', asyncMiddleware(generateManifest))	81	clientsRouter.get('/manifest.webmanifest', clientsRateLimiter, asyncMiddleware(generateManifest))
56		82
57	// Static client overrides	83	// Static client overrides
58	// Must be consistent with static client overrides redirections in /support/nginx/peertube	84	// Must be consistent with static client overrides redirections in /support/nginx/peertube
@@ -88,7 +114,10 @@ clientsRouter.use('/client/*', (req: express.Request, res: express.Response) =>
88		114
89	// Always serve index client page (the client is a single page application, let it handle routing)	115	// Always serve index client page (the client is a single page application, let it handle routing)
90	// Try to provide the right language index.html	116	// Try to provide the right language index.html
91	clientsRouter.use('/(:language)?', asyncMiddleware(serveIndexHTML))	117	clientsRouter.use('/(:language)?',
		118	clientsRateLimiter,
		119	asyncMiddleware(serveIndexHTML)
		120	)
92		121
93	// ---------------------------------------------------------------------------	122	// ---------------------------------------------------------------------------
94		123