Mirrors/cobalt
1
0
Fork 0
mirror of https://github.com/wukko/cobalt.git synced 2025-06-12 13:17:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

api: upgrade express-rate-limit to v7, reuse key generator

Browse Source
This commit is contained in:
jj
2024-11-01 12:54:16 +00:00
parent 693204b799
commit d466f8a4af
3 changed files with 20 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
api/package.json
View File

@ -31,7 +31,7 @@
"dotenv": "^16.0.1",
"esbuild": "^0.14.51",
"express": "^4.21.0",
"express-rate-limit": "^6.3.0",
"express-rate-limit": "^7.4.1",
"ffmpeg-static": "^5.1.0",
"hls-parser": "^0.10.7",
"ipaddr.js": "2.2.0",

22
api/src/core/api.js
View File

@ -68,31 +68,33 @@ export const runAPI = (express, app, __dirname, isPrimary = true) => {
return res.status(status).json(body);
};
const keyGenerator = (req) => hashHmac(getIP(req), 'rate').toString('base64url');
const sessionLimiter = rateLimit({
windowMs: 60000,
max: 10,
standardHeaders: true,
limit: 10,
standardHeaders: 'draft-6',
legacyHeaders: false,
keyGenerator: req => hashHmac(getIP(req), 'rate'),
keyGenerator,
handler: handleRateExceeded
});
const apiLimiter = rateLimit({
windowMs: env.rateLimitWindow * 1000,
max: (req) => req.rateLimitMax || env.rateLimitMax,
standardHeaders: true,
limit: (req) => req.rateLimitMax || env.rateLimitMax,
standardHeaders: 'draft-6',
legacyHeaders: false,
keyGenerator: req => req.rateLimitKey || hashHmac(getIP(req), 'rate'),
keyGenerator: req => req.rateLimitKey || keyGenerator(req),
handler: handleRateExceeded
})
const apiTunnelLimiter = rateLimit({
windowMs: env.rateLimitWindow * 1000,
max: (req) => req.rateLimitMax || env.rateLimitMax,
standardHeaders: true,
limit: (req) => req.rateLimitMax || env.rateLimitMax,
standardHeaders: 'draft-6',
legacyHeaders: false,
keyGenerator: req => req.rateLimitKey || hashHmac(getIP(req), 'rate'),
handler: (req, res) => {
keyGenerator: req => req.rateLimitKey || keyGenerator(req),
handler: (_, res) => {
return res.sendStatus(429)
}
})