From e5a781ec25191c0dbb4a991f25307732d798619d Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Mon, 30 May 2022 11:33:38 +0200
Subject: Bypass rate limits for admins and moderators
---
 server/middlewares/index.ts | 1 +
 server/middlewares/rate-limiter.ts | 31 +++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 server/middlewares/rate-limiter.ts
(limited to 'server/middlewares')
diff --git a/server/middlewares/index.ts b/server/middlewares/index.ts
index d2ed079b6..b40f864ce 100644
--- a/server/middlewares/index.ts
+++ b/server/middlewares/index.ts
@@ -4,6 +4,7 @@ export * from './activitypub'
 export * from './async'
 export * from './auth'
 export * from './pagination'
+export * from './rate-limiter'
 export * from './robots'
 export * from './servers'
 export * from './sort'
diff --git a/server/middlewares/rate-limiter.ts b/server/middlewares/rate-limiter.ts
new file mode 100644
index 000000000..bc9513969
--- /dev/null
+++ b/server/middlewares/rate-limiter.ts
@@ -0,0 +1,31 @@
+import { UserRole } from '@shared/models'
+import RateLimit from 'express-rate-limit'
+import { optionalAuthenticate } from './auth'
+
+const whitelistRoles = new Set([ UserRole.ADMINISTRATOR, UserRole.MODERATOR ])
+
+function buildRateLimiter (options: {
+ windowMs: number
+ max: number
+ skipFailedRequests?: boolean
+}) {
+ return RateLimit({
+ windowMs: options.windowMs,
+ max: options.max,
+ skipFailedRequests: options.skipFailedRequests,
+
+ handler: (req, res, next, options) => {
+ return optionalAuthenticate(req, res, () => {
+ if (res.locals.authenticated === true && whitelistRoles.has(res.locals.oauth.token.User.role)) {
+ return next()
+ }
+
+ return res.status(options.statusCode).send(options.message)
+ })
+ }
+ })
+}
+
+export {
+ buildRateLimiter
+}
--
cgit v1.2.3
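Review bot: The `handler` callback's fourth parameter is named `options` and shadows the `options` parameter of `buildRateLimiter`, so inside the callback `options.statusCode` and `options.message` refer to express-rate-limit's resolved options while `options.windowMs` a few lines above refers to the caller's; renaming it, `handler: (req, res, next, limiterOptions) => {` with `return res.status(limiterOptions.statusCode).send(limiterOptions.message)`, keeps the two apart. The role exemption is also undocumented at the definition: a TSDoc line such as `/** Builds an express-rate-limit middleware; requests authenticated as ADMINISTRATOR or MODERATOR are let through once the limit is hit. */` would tell callers what `whitelistRoles` changes about the limiter they configure. Because the exemption is decided in `handler`, admin and moderator requests still count toward the window and the role check only runs for over-limit requests; if `optionalAuthenticate` (imported from ./auth, not shown here) verifies the bearer token against a store, every over-limit request carrying an Authorization header now costs a token lookup before the 429 is sent, which is worth confirming against what this limiter is meant to protect.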