krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-18 15:17:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Improve rate limiting

Browse Source
This commit is contained in:
Phillip Thelen
2024-07-18 18:49:58 +02:00
parent 04554c5309
commit 2465189fb1
1 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
website/server/middlewares/rateLimiter.js
View File

@@ -22,6 +22,8 @@ const REDIS_HOST = nconf.get('REDIS_HOST');
const REDIS_PASSWORD = nconf.get('REDIS_PASSWORD'); const REDIS_PASSWORD = nconf.get('REDIS_PASSWORD');
const REDIS_PORT = nconf.get('REDIS_PORT'); const REDIS_PORT = nconf.get('REDIS_PORT');
const LIVELINESS_PROBE_KEY = nconf.get('LIVELINESS_PROBE_KEY'); const LIVELINESS_PROBE_KEY = nconf.get('LIVELINESS_PROBE_KEY');
const REGISTRATION_COST = nconf.get('REGISTRATION_RATE_LIMIT_COST') || 5;
const IP_RATE_LIMIT_COST = nconf.get('IP_RATE_LIMIT_COST') || 5;
let redisClient; let redisClient;
let rateLimiter; let rateLimiter;
@@ -76,7 +78,14 @@ export default function rateLimiterMiddleware (req, res, next) {
const userId = req.header('x-api-user'); const userId = req.header('x-api-user');
return rateLimiter.consume(userId || req.ip) let cost = 1;
if (req.path === '/api/v4/user/auth/local/register' || req.path === '/api/v3/user/auth/local/register') {
cost = REGISTRATION_COST;
} else if (!userId) {
cost = IP_RATE_LIMIT_COST;
}
return rateLimiter.consume(userId || req.ip, cost)
.then(rateLimiterRes => { .then(rateLimiterRes => {
setResponseHeaders(res, rateLimiterRes); setResponseHeaders(res, rateLimiterRes);
return next(); return next();