diff options
Diffstat (limited to 'server/controllers/well-known.ts')
| -rw-r--r-- | server/controllers/well-known.ts | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/server/controllers/well-known.ts b/server/controllers/well-known.ts index bb9acfb37..322cf6ea2 100644 --- a/server/controllers/well-known.ts +++ b/server/controllers/well-known.ts | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | import cors from 'cors' | 1 | import cors from 'cors' |
| 2 | import express from 'express' | 2 | import express from 'express' |
| 3 | import { join } from 'path' | 3 | import { join } from 'path' |
| 4 | import { asyncMiddleware, handleStaticError, webfingerValidator } from '@server/middlewares' | 4 | import { asyncMiddleware, buildRateLimiter, handleStaticError, webfingerValidator } from '@server/middlewares' |
| 5 | import { root } from '@shared/core-utils' | 5 | import { root } from '@shared/core-utils' |
| 6 | import { CONFIG } from '../initializers/config' | 6 | import { CONFIG } from '../initializers/config' |
| 7 | import { ROUTE_CACHE_LIFETIME, WEBSERVER } from '../initializers/constants' | 7 | import { ROUTE_CACHE_LIFETIME, WEBSERVER } from '../initializers/constants' |
| @@ -9,14 +9,21 @@ import { cacheRoute } from '../middlewares/cache/cache' | |||
| 9 | 9 | ||
| 10 | const wellKnownRouter = express.Router() | 10 | const wellKnownRouter = express.Router() |
| 11 | 11 | ||
| 12 | const wellKnownRateLimiter = buildRateLimiter({ | ||
| 13 | windowMs: CONFIG.RATES_LIMIT.WELL_KNOWN.WINDOW_MS, | ||
| 14 | max: CONFIG.RATES_LIMIT.WELL_KNOWN.MAX | ||
| 15 | }) | ||
| 16 | |||
| 12 | wellKnownRouter.use(cors()) | 17 | wellKnownRouter.use(cors()) |
| 13 | 18 | ||
| 14 | wellKnownRouter.get('/.well-known/webfinger', | 19 | wellKnownRouter.get('/.well-known/webfinger', |
| 20 | wellKnownRateLimiter, | ||
| 15 | asyncMiddleware(webfingerValidator), | 21 | asyncMiddleware(webfingerValidator), |
| 16 | webfingerController | 22 | webfingerController |
| 17 | ) | 23 | ) |
| 18 | 24 | ||
| 19 | wellKnownRouter.get('/.well-known/security.txt', | 25 | wellKnownRouter.get('/.well-known/security.txt', |
| 26 | wellKnownRateLimiter, | ||
| 20 | cacheRoute(ROUTE_CACHE_LIFETIME.SECURITYTXT), | 27 | cacheRoute(ROUTE_CACHE_LIFETIME.SECURITYTXT), |
| 21 | (_, res: express.Response) => { | 28 | (_, res: express.Response) => { |
| 22 | res.type('text/plain') | 29 | res.type('text/plain') |
| @@ -26,6 +33,7 @@ wellKnownRouter.get('/.well-known/security.txt', | |||
| 26 | 33 | ||
| 27 | // nodeinfo service | 34 | // nodeinfo service |
| 28 | wellKnownRouter.use('/.well-known/nodeinfo', | 35 | wellKnownRouter.use('/.well-known/nodeinfo', |
| 36 | wellKnownRateLimiter, | ||
| 29 | cacheRoute(ROUTE_CACHE_LIFETIME.NODEINFO), | 37 | cacheRoute(ROUTE_CACHE_LIFETIME.NODEINFO), |
| 30 | (_, res: express.Response) => { | 38 | (_, res: express.Response) => { |
| 31 | return res.json({ | 39 | return res.json({ |
| @@ -41,6 +49,7 @@ wellKnownRouter.use('/.well-known/nodeinfo', | |||
| 41 | 49 | ||
| 42 | // dnt-policy.txt service (see https://www.eff.org/dnt-policy) | 50 | // dnt-policy.txt service (see https://www.eff.org/dnt-policy) |
| 43 | wellKnownRouter.use('/.well-known/dnt-policy.txt', | 51 | wellKnownRouter.use('/.well-known/dnt-policy.txt', |
| 52 | wellKnownRateLimiter, | ||
| 44 | cacheRoute(ROUTE_CACHE_LIFETIME.DNT_POLICY), | 53 | cacheRoute(ROUTE_CACHE_LIFETIME.DNT_POLICY), |
| 45 | (_, res: express.Response) => { | 54 | (_, res: express.Response) => { |
| 46 | res.type('text/plain') | 55 | res.type('text/plain') |
| @@ -51,18 +60,21 @@ wellKnownRouter.use('/.well-known/dnt-policy.txt', | |||
| 51 | 60 | ||
| 52 | // dnt service (see https://www.w3.org/TR/tracking-dnt/#status-resource) | 61 | // dnt service (see https://www.w3.org/TR/tracking-dnt/#status-resource) |
| 53 | wellKnownRouter.use('/.well-known/dnt/', | 62 | wellKnownRouter.use('/.well-known/dnt/', |
| 63 | wellKnownRateLimiter, | ||
| 54 | (_, res: express.Response) => { | 64 | (_, res: express.Response) => { |
| 55 | res.json({ tracking: 'N' }) | 65 | res.json({ tracking: 'N' }) |
| 56 | } | 66 | } |
| 57 | ) | 67 | ) |
| 58 | 68 | ||
| 59 | wellKnownRouter.use('/.well-known/change-password', | 69 | wellKnownRouter.use('/.well-known/change-password', |
| 70 | wellKnownRateLimiter, | ||
| 60 | (_, res: express.Response) => { | 71 | (_, res: express.Response) => { |
| 61 | res.redirect('/my-account/settings') | 72 | res.redirect('/my-account/settings') |
| 62 | } | 73 | } |
| 63 | ) | 74 | ) |
| 64 | 75 | ||
| 65 | wellKnownRouter.use('/.well-known/host-meta', | 76 | wellKnownRouter.use('/.well-known/host-meta', |
| 77 | wellKnownRateLimiter, | ||
| 66 | (_, res: express.Response) => { | 78 | (_, res: express.Response) => { |
| 67 | res.type('application/xml') | 79 | res.type('application/xml') |
| 68 | 80 | ||
| @@ -76,6 +88,7 @@ wellKnownRouter.use('/.well-known/host-meta', | |||
| 76 | ) | 88 | ) |
| 77 | 89 | ||
| 78 | wellKnownRouter.use('/.well-known/', | 90 | wellKnownRouter.use('/.well-known/', |
| 91 | wellKnownRateLimiter, | ||
| 79 | cacheRoute(ROUTE_CACHE_LIFETIME.WELL_KNOWN), | 92 | cacheRoute(ROUTE_CACHE_LIFETIME.WELL_KNOWN), |
| 80 | express.static(CONFIG.STORAGE.WELL_KNOWN_DIR, { fallthrough: false }), | 93 | express.static(CONFIG.STORAGE.WELL_KNOWN_DIR, { fallthrough: false }), |
| 81 | handleStaticError | 94 | handleStaticError |