API v3 Rate Limiter (#12117)

* simplify ip address management by using the trust proxy express option

* add setupExpress file

* fix redirects middleware tests

* fix lint

* short circuit the ip blocking middleware

* basic implementation with ip based limiting

* improve logging

* upgrade apidoc

* apidoc: add introduction section

* fix lint

* fix tests

* fix lint

* add unit tests for rate limiter

* do not send retry-after header when points are available

* automatically fix lint

* fix more lint issues

* use userId as key for rate limit when available
Matteo Pagliazzi
2020-07-17 16:13:51 +02:00
parent e3bcc48481
commit e7c8833c9a
15 changed files with 332 additions and 61 deletions


@@ -3,6 +3,8 @@ import expressValidator from 'express-validator';
import path from 'path';
import analytics from './analytics';
import setupBody from './setupBody';
import rateLimiter from './rateLimiter';
import setupExpress from '../libs/setupExpress';
import * as routes from '../libs/routes';
const API_V3_CONTROLLERS_PATH = path.join(__dirname, '/../controllers/api-v3/');
@@ -12,8 +14,7 @@ const TOP_LEVEL_CONTROLLERS_PATH = path.join(__dirname, '/../controllers/top-lev
const app = express();
// re-set the view options because they are not inherited from the top level app
app.set('view engine', 'pug');
app.set('views', `${__dirname}/../../views`);
setupExpress(app);
app.use(expressValidator());
app.use(analytics);
@@ -26,7 +27,7 @@ app.use('/', topLevelRouter);
const v3Router = express.Router(); // eslint-disable-line new-cap
routes.walkControllers(v3Router, API_V3_CONTROLLERS_PATH);
app.use('/api/v3', v3Router);
app.use('/api/v3', rateLimiter, v3Router);
// API v4 proxies API v3 routes by default.
// It can also disable or override v3 routes
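Review bot: The limiter is mounted only on the `/api/v3` prefix in the last hunk, while the comment directly below it says API v4 proxies the v3 routes by default, so the same handlers reached through `/api/v4` would presumably not be throttled. The v4 mount is outside the visible lines, so confirm whether it also passes through `rateLimiter`; if it does not, mount it there too, or record the decision with a comment such as `// rateLimiter covers /api/v3 only; v3 routes proxied through /api/v4 are not limited here`. The commit message says the limit key is the client IP or the user id, so a short comment next to `setupExpress(app)` should state that the IP seen by the limiter depends on the trust proxy setting being correct for the deployment. If route-level authentication runs after this middleware, the user id is not yet verified when it is used as a key, and that is worth checking in the `rateLimiter` module, which is not shown here.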