4 files changed, 35 insertions, 3 deletions
diff --git a/server/middlewares/index.ts b/server/middlewares/index.ts
index d2ed079b6..b40f864ce 100644
--- a/server/middlewares/index.ts
+++ b/server/middlewares/index.ts
@@ -4,6 +4,7 @@ export * from './activitypub'
 export * from './async'
 export * from './auth'
 export * from './pagination'
+export * from './rate-limiter'
 export * from './robots'
 export * from './servers'
 export * from './sort'
diff --git a/server/middlewares/rate-limiter.ts b/server/middlewares/rate-limiter.ts
new file mode 100644
index 000000000..bc9513969
--- /dev/null
+++ b/server/middlewares/rate-limiter.ts
@@ -0,0 +1,31 @@
+import { UserRole } from '@shared/models'
+import RateLimit from 'express-rate-limit'
+import { optionalAuthenticate } from './auth'
+const whitelistRoles = new Set([ UserRole.ADMINISTRATOR, UserRole.MODERATOR ])
+function buildRateLimiter (options: {
+  windowMs: number
+  max: number
+  skipFailedRequests?: boolean
+}) {
+  return RateLimit({
+    windowMs: options.windowMs,
+    max: options.max,
+    skipFailedRequests: options.skipFailedRequests,
+    handler: (req, res, next, options) => {
+      return optionalAuthenticate(req, res, () => {
+        if (res.locals.authenticated === true && whitelistRoles.has(res.locals.oauth.token.User.role)) {
+          return next()
+        }
+        return res.status(options.statusCode).send(options.message)
+      })
+    }
+  })
+}
+export {
+  buildRateLimiter
+}
diff --git a/server/middlewares/validators/sort.ts b/server/middlewares/validators/sort.ts
index 3ba668460..c9978e3b4 100644
--- a/server/middlewares/validators/sort.ts
+++ b/server/middlewares/validators/sort.ts
@@ -28,7 +28,7 @@ function createSortableColumns (sortableColumns: string[]) {
  return sortableColumns.concat(sortableColumnDesc)
 }
-const usersSortValidator = checkSortFactory(SORTABLE_COLUMNS.USERS)
+const adminUsersSortValidator = checkSortFactory(SORTABLE_COLUMNS.ADMIN_USERS)
 const accountsSortValidator = checkSortFactory(SORTABLE_COLUMNS.ACCOUNTS)
 const jobsSortValidator = checkSortFactory(SORTABLE_COLUMNS.JOBS, [ 'jobs' ])
 const abusesSortValidator = checkSortFactory(SORTABLE_COLUMNS.ABUSES)
@@ -59,7 +59,7 @@ const videoChannelsFollowersSortValidator = checkSortFactory(SORTABLE_COLUMNS.CH
 // ---------------------------------------------------------------------------
 export {
-  usersSortValidator,
+  adminUsersSortValidator,
  abusesSortValidator,
  videoChannelsSortValidator,
  videoImportsSortValidator,
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index bc6007c6d..6d306121e 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -486,7 +486,7 @@ const ensureAuthUserOwnsAccountValidator = [
    if (res.locals.account.id !== user.Account.id) {
      return res.fail({
        status: HttpStatusCode.FORBIDDEN_403,
-        message: 'Only owner of this account can access this ressource.'
+        message: 'Only owner of this account can access this resource.'
      })
    }

diff --git a/server/middlewares/index.ts b/server/middlewares/index.ts index d2ed079b6..b40f864ce 100644 --- a/server/middlewares/index.ts +++ b/server/middlewares/index.ts
@@ -4,6 +4,7 @@ export * from './activitypub'
4	export * from './async'	4	export * from './async'
5	export * from './auth'	5	export * from './auth'
6	export * from './pagination'	6	export * from './pagination'
		7	export * from './rate-limiter'
7	export * from './robots'	8	export * from './robots'
8	export * from './servers'	9	export * from './servers'
9	export * from './sort'	10	export * from './sort'


diff --git a/server/middlewares/rate-limiter.ts b/server/middlewares/rate-limiter.ts new file mode 100644 index 000000000..bc9513969 --- /dev/null +++ b/server/middlewares/rate-limiter.ts
@@ -0,0 +1,31 @@
		1	import { UserRole } from '@shared/models'
		2	import RateLimit from 'express-rate-limit'
		3	import { optionalAuthenticate } from './auth'
		4
		5	const whitelistRoles = new Set([ UserRole.ADMINISTRATOR, UserRole.MODERATOR ])
		6
		7	function buildRateLimiter (options: {
		8	windowMs: number
		9	max: number
		10	skipFailedRequests?: boolean
		11	}) {
		12	return RateLimit({
		13	windowMs: options.windowMs,
		14	max: options.max,
		15	skipFailedRequests: options.skipFailedRequests,
		16
		17	handler: (req, res, next, options) => {
		18	return optionalAuthenticate(req, res, () => {
		19	if (res.locals.authenticated === true && whitelistRoles.has(res.locals.oauth.token.User.role)) {
		20	return next()
		21	}
		22
		23	return res.status(options.statusCode).send(options.message)
		24	})
		25	}
		26	})
		27	}
		28
		29	export {
		30	buildRateLimiter
		31	}


diff --git a/server/middlewares/validators/sort.ts b/server/middlewares/validators/sort.ts index 3ba668460..c9978e3b4 100644 --- a/server/middlewares/validators/sort.ts +++ b/server/middlewares/validators/sort.ts
@@ -28,7 +28,7 @@ function createSortableColumns (sortableColumns: string[]) {
28	return sortableColumns.concat(sortableColumnDesc)	28	return sortableColumns.concat(sortableColumnDesc)
29	}	29	}
30		30
31	const usersSortValidator = checkSortFactory(SORTABLE_COLUMNS.USERS)	31	const adminUsersSortValidator = checkSortFactory(SORTABLE_COLUMNS.ADMIN_USERS)
32	const accountsSortValidator = checkSortFactory(SORTABLE_COLUMNS.ACCOUNTS)	32	const accountsSortValidator = checkSortFactory(SORTABLE_COLUMNS.ACCOUNTS)
33	const jobsSortValidator = checkSortFactory(SORTABLE_COLUMNS.JOBS, [ 'jobs' ])	33	const jobsSortValidator = checkSortFactory(SORTABLE_COLUMNS.JOBS, [ 'jobs' ])
34	const abusesSortValidator = checkSortFactory(SORTABLE_COLUMNS.ABUSES)	34	const abusesSortValidator = checkSortFactory(SORTABLE_COLUMNS.ABUSES)
@@ -59,7 +59,7 @@ const videoChannelsFollowersSortValidator = checkSortFactory(SORTABLE_COLUMNS.CH
59	// ---------------------------------------------------------------------------	59	// ---------------------------------------------------------------------------
60		60
61	export {	61	export {
62	usersSortValidator,	62	adminUsersSortValidator,
63	abusesSortValidator,	63	abusesSortValidator,
64	videoChannelsSortValidator,	64	videoChannelsSortValidator,
65	videoImportsSortValidator,	65	videoImportsSortValidator,


diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index bc6007c6d..6d306121e 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts
@@ -486,7 +486,7 @@ const ensureAuthUserOwnsAccountValidator = [
486	if (res.locals.account.id !== user.Account.id) {	486	if (res.locals.account.id !== user.Account.id) {
487	return res.fail({	487	return res.fail({
488	status: HttpStatusCode.FORBIDDEN_403,	488	status: HttpStatusCode.FORBIDDEN_403,
489	message: 'Only owner of this account can access this ressource.'	489	message: 'Only owner of this account can access this resource.'
490	})	490	})
491	}	491	}
492		492