1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
import express from 'express'
import RateLimit, { Options as RateLimitHandlerOptions } from 'express-rate-limit'
import { CONFIG } from '@server/initializers/config'
import { RunnerModel } from '@server/models/runner/runner'
import { UserRole } from '@shared/models'
import { optionalAuthenticate } from './auth'
const whitelistRoles = new Set([ UserRole.ADMINISTRATOR, UserRole.MODERATOR ])
export function buildRateLimiter (options: {
windowMs: number
max: number
skipFailedRequests?: boolean
}) {
return RateLimit({
windowMs: options.windowMs,
max: options.max,
skipFailedRequests: options.skipFailedRequests,
handler: (req, res, next, options) => {
// Bypass rate limit for registered runners
if (req.body?.runnerToken) {
return RunnerModel.loadByToken(req.body.runnerToken)
.then(runner => {
if (runner) return next()
return sendRateLimited(res, options)
})
}
// Bypass rate limit for admins/moderators
return optionalAuthenticate(req, res, () => {
if (res.locals.authenticated === true && whitelistRoles.has(res.locals.oauth.token.User.role)) {
return next()
}
return sendRateLimited(res, options)
})
}
})
}
export const apiRateLimiter = buildRateLimiter({
windowMs: CONFIG.RATES_LIMIT.API.WINDOW_MS,
max: CONFIG.RATES_LIMIT.API.MAX
})
// ---------------------------------------------------------------------------
// Private
// ---------------------------------------------------------------------------
function sendRateLimited (res: express.Response, options: RateLimitHandlerOptions) {
return res.status(options.statusCode).send(options.message)
}
|
