miteruzo
/
nizika_video
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
ニジカ投稿局 https://tv.nizika.tv
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
24 MiB
Tree: 6632905f32
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6632905f32'
${ noResults }
nizika_video/server/core/middlewares/rate-limiter.ts

rate-limiter.ts 2.0 KiB
Raw Normal View History

はじまりの大地
2 months ago
 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. import express from 'express'

  2. import RateLimit, { Options as RateLimitHandlerOptions } from 'express-rate-limit'

  3. import { UserRole, UserRoleType } from '@peertube/peertube-models'

  4. import { CONFIG } from '@server/initializers/config.js'

  5. import { RunnerModel } from '@server/models/runner/runner.js'

  6. import { optionalAuthenticate } from './auth.js'

  7. import { logger } from '@server/helpers/logger.js'

  8. 

  9. const whitelistRoles = new Set<UserRoleType>([ UserRole.ADMINISTRATOR, UserRole.MODERATOR ])

  10. 

  11. export function buildRateLimiter (options: {

  12.   windowMs: number

  13.   max: number

  14.   skipFailedRequests?: boolean

  15. }) {

  16.   return RateLimit({

  17.     windowMs: options.windowMs,

  18.     max: options.max,

  19.     skipFailedRequests: options.skipFailedRequests,

  20. 

  21.     handler: (req, res, next, options) => {

  22.       // Bypass rate limit for registered runners

  23.       if (req.body?.runnerToken) {

  24.         return RunnerModel.loadByToken(req.body.runnerToken)

  25.           .then(runner => {

  26.             if (runner) return next()

  27. 

  28.             return sendRateLimited(req, res, options)

  29.           })

  30.       }

  31. 

  32.       // Bypass rate limit for admins/moderators

  33.       return optionalAuthenticate(req, res, () => {

  34.         if (res.locals.authenticated === true && whitelistRoles.has(res.locals.oauth.token.User.role)) {

  35.           return next()

  36.         }

  37. 

  38.         return sendRateLimited(req, res, options)

  39.       })

  40.     }

  41.   })

  42. }

  43. 

  44. export const apiRateLimiter = buildRateLimiter({

  45.   windowMs: CONFIG.RATES_LIMIT.API.WINDOW_MS,

  46.   max: CONFIG.RATES_LIMIT.API.MAX

  47. })

  48. 

  49. export const activityPubRateLimiter = buildRateLimiter({

  50.   windowMs: CONFIG.RATES_LIMIT.ACTIVITY_PUB.WINDOW_MS,

  51.   max: CONFIG.RATES_LIMIT.ACTIVITY_PUB.MAX

  52. })

  53. 

  54. // ---------------------------------------------------------------------------

  55. // Private

  56. // ---------------------------------------------------------------------------

  57. 

  58. function sendRateLimited (req: express.Request, res: express.Response, options: RateLimitHandlerOptions) {

  59.   logger.debug('Rate limit exceeded for route ' + req.originalUrl)

  60. 

  61.   return res.status(options.statusCode).send(options.message)

  62. }