API v3 Rate Limiter (#12117)

* simplify ip address management by using the trust proxy express option * add setupExpress file * fix redirects middleware tests * fix lint * short circuit the ip blocking middleware * basic implementation with ip based limiting * improve logging * upgrade apidoc * apidoc: add introduction section * fix lint * fix tests * fix lint * add unit tests for rate limiter * do not send retry-after header when points are available * automatically fix lint * fix more lint issues * use userId as key for rate limit when available
2025-12-19 15:48:04 +01:00 · 2020-07-17 16:13:51 +02:00
parent 0261d12bd9
commit f1173cee6a
15 changed files with 383 additions and 158 deletions
--- a/website/server/middlewares/index.js
+++ b/website/server/middlewares/index.js
@@ -9,6 +9,7 @@ import methodOverride from 'method-override';
 import passport from 'passport';
 import basicAuth from 'express-basic-auth';
 import helmet from 'helmet';
+import setupExpress from '../libs/setupExpress';
 import errorHandler from './errorHandler';
 import notFoundHandler from './notFound';
 import cors from './cors';
@@ -39,8 +40,7 @@ const SESSION_SECRET = nconf.get('SESSION_SECRET');
 const TEN_YEARS = 1000 * 60 * 60 * 24 * 365 * 10;

 export default function attachMiddlewares (app, server) {
-  app.set('view engine', 'pug');
-  app.set('views', `${__dirname}/../../views`);
+  setupExpress(app);

  app.use(domainMiddleware(server, mongoose));