api: upgrade express-rate-limit to v7, reuse key generator

2025-06-12 13:17:45 +02:00 · 2024-11-01 12:54:16 +00:00
parent 693204b799
commit d466f8a4af
3 changed files with 20 additions and 18 deletions
--- a/api/src/core/api.js
+++ b/api/src/core/api.js
@ -68,31 +68,33 @@ export const runAPI = (express, app, __dirname, isPrimary = true) => {
        return res.status(status).json(body);
    };

+    const keyGenerator = (req) => hashHmac(getIP(req), 'rate').toString('base64url');
+
    const sessionLimiter = rateLimit({
        windowMs: 60000,
-        max: 10,
-        standardHeaders: true,
+        limit: 10,
+        standardHeaders: 'draft-6',
        legacyHeaders: false,
-        keyGenerator: req => hashHmac(getIP(req), 'rate'),
+        keyGenerator,
        handler: handleRateExceeded
    });

    const apiLimiter = rateLimit({
        windowMs: env.rateLimitWindow * 1000,
-        max: (req) => req.rateLimitMax || env.rateLimitMax,
-        standardHeaders: true,
+        limit: (req) => req.rateLimitMax || env.rateLimitMax,
+        standardHeaders: 'draft-6',
        legacyHeaders: false,
-        keyGenerator: req => req.rateLimitKey || hashHmac(getIP(req), 'rate'),
+        keyGenerator: req => req.rateLimitKey || keyGenerator(req),
        handler: handleRateExceeded
    })

    const apiTunnelLimiter = rateLimit({
        windowMs: env.rateLimitWindow * 1000,
-        max: (req) => req.rateLimitMax || env.rateLimitMax,
-        standardHeaders: true,
+        limit: (req) => req.rateLimitMax || env.rateLimitMax,
+        standardHeaders: 'draft-6',
        legacyHeaders: false,
-        keyGenerator: req => req.rateLimitKey || hashHmac(getIP(req), 'rate'),
-        handler: (req, res) => {
+        keyGenerator: req => req.rateLimitKey || keyGenerator(req),
+        handler: (_, res) => {
            return res.sendStatus(429)
        }
    })