From e5a781ec25191c0dbb4a991f25307732d798619d Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Mon, 30 May 2022 11:33:38 +0200
Subject: Bypass rate limits for admins and moderators
---
 server/controllers/api/users/index.ts | 8 ++++----
 server/controllers/api/users/token.ts | 5 ++---
 2 files changed, 6 insertions(+), 7 deletions(-)
(limited to 'server/controllers/api/users')
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index e13e31aaf..46e80d56d 100644
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -1,5 +1,4 @@
 import express from 'express'
-import RateLimit from 'express-rate-limit'
 import { tokensRouter } from '@server/controllers/api/users/token'
 import { Hooks } from '@server/lib/plugins/hooks'
 import { OAuthTokenModel } from '@server/models/oauth/oauth-token'
@@ -17,9 +16,11 @@ import { Notifier } from '../../../lib/notifier'
 import { Redis } from '../../../lib/redis'
 import { buildUser, createUserAccountAndChannelAndPlaylist, sendVerifyUserEmail } from '../../../lib/user'
 import {
+ adminUsersSortValidator,
 asyncMiddleware,
 asyncRetryTransactionMiddleware,
 authenticate,
+ buildRateLimiter,
 ensureUserHasRight,
 ensureUserRegistrationAllowed,
 ensureUserRegistrationAllowedForIP,
@@ -32,7 +33,6 @@ import {
 usersListValidator,
 usersRegisterValidator,
 usersRemoveValidator,
- adminUsersSortValidator,
 usersUpdateValidator
 } from '../../../middlewares'
 import {
@@ -54,13 +54,13 @@ import { myVideoPlaylistsRouter } from './my-video-playlists'
 const auditLogger = auditLoggerFactory('users')
-const signupRateLimiter = RateLimit({
+const signupRateLimiter = buildRateLimiter({
 windowMs: CONFIG.RATES_LIMIT.SIGNUP.WINDOW_MS,
 max: CONFIG.RATES_LIMIT.SIGNUP.MAX,
 skipFailedRequests: true
 })
-const askSendEmailLimiter = RateLimit({
+const askSendEmailLimiter = buildRateLimiter({
 windowMs: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS,
 max: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.MAX
 })
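Review bot: Nothing at the `signupRateLimiter` and `askSendEmailLimiter` definitions (last hunk of index.ts) tells a reader that these limits no longer apply to every caller. `buildRateLimiter` is defined outside this diff, so the exemption named in the commit subject cannot be checked from here; a comment such as `// buildRateLimiter: admins and moderators are exempt from this limit` above each definition would record it. For `askSendEmailLimiter` it is worth confirming the exemption is intended, because if it works as the subject says, a stolen moderator token would face no cap on the mail these routes can trigger.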
diff --git a/server/controllers/api/users/token.ts b/server/controllers/api/users/token.ts
index 258b50fe9..012a49791 100644
--- a/server/controllers/api/users/token.ts
+++ b/server/controllers/api/users/token.ts
@@ -1,18 +1,17 @@
 import express from 'express'
-import RateLimit from 'express-rate-limit'
 import { logger } from '@server/helpers/logger'
 import { CONFIG } from '@server/initializers/config'
 import { getAuthNameFromRefreshGrant, getBypassFromExternalAuth, getBypassFromPasswordGrant } from '@server/lib/auth/external-auth'
 import { handleOAuthToken } from '@server/lib/auth/oauth'
 import { BypassLogin, revokeToken } from '@server/lib/auth/oauth-model'
 import { Hooks } from '@server/lib/plugins/hooks'
-import { asyncMiddleware, authenticate, openapiOperationDoc } from '@server/middlewares'
+import { asyncMiddleware, authenticate, buildRateLimiter, openapiOperationDoc } from '@server/middlewares'
 import { buildUUID } from '@shared/extra-utils'
 import { ScopedToken } from '@shared/models/users/user-scoped-token'
 const tokensRouter = express.Router()
-const loginRateLimiter = RateLimit({
+const loginRateLimiter = buildRateLimiter({
 windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS,
 max: CONFIG.RATES_LIMIT.LOGIN.MAX
 })
-- 
cgit v1.2.3
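Review bot: `loginRateLimiter` is the limiter named for the login path, where the caller has typically not yet proved an identity, so a role-based exemption here needs particular care. `buildRateLimiter` is not part of this diff; if it decides the exemption from anything the client supplies before authentication, such as the submitted username, failed password attempts against admin and moderator accounts would no longer be throttled. The exemption should be granted only from an already validated access token. A test asserting that repeated failed logins for an admin username are still rejected once `CONFIG.RATES_LIMIT.LOGIN.MAX` is reached would pin this, and a comment on the definition such as `// exemption requires a valid admin/moderator token, never the login payload` would document it.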