1 files changed, 23 insertions, 5 deletions

diff --git a/server/middlewares/rate-limiter.ts b/server/middlewares/rate-limiter.ts
index bc9513969..1eef8b360 100644
--- a/server/middlewares/rate-limiter.ts
+++ b/server/middlewares/rate-limiter.ts
@@ -1,10 +1,12 @@
+import express from 'express'
+import RateLimit, { Options as RateLimitHandlerOptions } from 'express-rate-limit'
+import { RunnerModel } from '@server/models/runner/runner'
 import { UserRole } from '@shared/models'
-import RateLimit from 'express-rate-limit'
 import { optionalAuthenticate } from './auth'
 
 const whitelistRoles = new Set([ UserRole.ADMINISTRATOR, UserRole.MODERATOR ])
 
-function buildRateLimiter (options: {
+export function buildRateLimiter (options: {
   windowMs: number
   max: number
   skipFailedRequests?: boolean
@@ -15,17 +17,33 @@ function buildRateLimiter (options: {
     skipFailedRequests: options.skipFailedRequests,
 
     handler: (req, res, next, options) => {
+      // Bypass rate limit for registered runners
+      if (req.body?.runnerToken) {
+        return RunnerModel.loadByToken(req.body.runnerToken)
+          .then(runner => {
+            if (runner) return next()
+
+            return sendRateLimited(res, options)
+          })
+      }
+
+      // Bypass rate limit for admins/moderators
       return optionalAuthenticate(req, res, () => {
         if (res.locals.authenticated === true && whitelistRoles.has(res.locals.oauth.token.User.role)) {
           return next()
         }
 
-        return res.status(options.statusCode).send(options.message)
+        return sendRateLimited(res, options)
       })
     }
   })
 }
 
-export {
-  buildRateLimiter
+// ---------------------------------------------------------------------------
+// Private
+// ---------------------------------------------------------------------------
+
+function sendRateLimited (res: express.Response, options: RateLimitHandlerOptions) {
+  return res.status(options.statusCode).send(options.message)
+
 }