Spacebar/server
1
0
Fork 0
mirror of https://github.com/spacebarchat/server.git synced 2024-09-20 17:51:35 +02:00
Code Issues Releases Activity

Skip check for rate limit bypass if no user id is provided

Browse Source
This commit is contained in:
Madeline 2022-07-02 18:55:18 +10:00
parent 4fbebe17d3
commit 519e55b7a5
No known key found for this signature in database
GPG Key ID: 1958E017C36F2E47
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
api/src/middlewares/RateLimit.ts
View File

@ -46,12 +46,14 @@ export default function rateLimit(opts: {
}): any {
return async (req: Request, res: Response, next: NextFunction): Promise<any> => {
// exempt user? if so, immediately short circuit
const rights = await getRights(req.user_id);
if (rights.has("BYPASS_RATE_LIMITS")) return;
if (req.user_id) {
const rights = await getRights(req.user_id);
if (rights.has("BYPASS_RATE_LIMITS")) return;
}
const bucket_id = opts.bucket || req.originalUrl.replace(API_PREFIX_TRAILING_SLASH, "");
var executor_id = getIpAdress(req);
if (!opts.onlyIp && req.user_id) executor_id = req.user_id;
if (!opts.onlyIp && req.user_id) executor_id = req.user_id;
var max_hits = opts.count;
if (opts.bot && req.user_bot) max_hits = opts.bot;
@ -161,7 +163,7 @@ export async function initRateLimits(app: Router) {
app.use("/auth/register", rateLimit({ onlyIp: true, success: true, ...routes.auth.register }));
}
async function hitRoute(opts: { executor_id: string; bucket_id: string; max_hits: number; window: number }) {
async function hitRoute(opts: { executor_id: string; bucket_id: string; max_hits: number; window: number; }) {
const id = opts.executor_id + opts.bucket_id;
var limit = Cache.get(id);
if (!limit) {