habitica/website/server/middlewares/appRoutes.js
Matteo Pagliazzi e7c8833c9a API v3 Rate Limiter (#12117)
* simplify ip address management by using the trust proxy express option

* add setupExpress file

* fix redirects middleware tests

* fix lint

* short circuit the ip blocking middleware

* basic implementation with ip based limiting

* improve logging

* upgrade apidoc

* apidoc: add introduction section

* fix lint

* fix tests

* fix lint

* add unit tests for rate limiter

* do not send retry-after header when points are available

* automatically fix lint

* fix more lint issues

* use userId as key for rate limit when available
2020-07-18 15:00:09 +02:00


import express from 'express';
import expressValidator from 'express-validator';
import path from 'path';
import analytics from './analytics';
import setupBody from './setupBody';
import rateLimiter from './rateLimiter';
import setupExpress from '../libs/setupExpress';
import * as routes from '../libs/routes';
// Directories whose controller modules are registered on the routers below.
const API_V3_CONTROLLERS_PATH = path.join(__dirname, '/../controllers/api-v3/');
const API_V4_CONTROLLERS_PATH = path.join(__dirname, '/../controllers/api-v4/');
const TOP_LEVEL_CONTROLLERS_PATH = path.join(__dirname, '/../controllers/top-level/');

/**
 * Create an express router and populate it through routes.walkControllers.
 *
 * @param {...Array} walks - One argument list per walkControllers call, applied
 *   in the order given; each list is passed after the router itself.
 * @returns {object} The populated router, ready to be mounted on the app.
 */
function buildRouter(...walks) {
  const router = express.Router(); // eslint-disable-line new-cap
  for (const walkArgs of walks) {
    routes.walkControllers(router, ...walkArgs);
  }
  return router;
}

const app = express();

// This sub-app does not inherit the view options of the top level app,
// so they have to be applied again here.
setupExpress(app);

// App-level middleware: registered before every router below, so it runs
// ahead of the per-mount middleware, including rateLimiter on /api/v3.
// NOTE(review): requests the limiter ends up rejecting have therefore already
// gone through analytics and setupBody; if setupBody parses request bodies
// (not visible in this file), consider whether the limiter should run first.
app.use(expressValidator());
app.use(analytics);
app.use(setupBody);

// Top-level routes are mounted at '/' with no rate limiter.
app.use('/', buildRouter([TOP_LEVEL_CONTROLLERS_PATH]));

// rateLimiter is attached to this mount only: it applies to /api/v3 requests
// and to nothing else registered in this file.
app.use('/api/v3', rateLimiter, buildRouter([API_V3_CONTROLLERS_PATH]));

// API v4 proxies API v3 routes by default.
// It can also disable or override v3 routes.
// The list below names the v3 routes to skip, in the format METHOD-URL.
const v4RouterOverrides = [
  // 'GET-/status', Example to override the GET /status api call
  'POST-/user/auth/local/register',
  'GET-/user',
  'PUT-/user',
  'POST-/user/class/cast/:spellId',
  'POST-/user/rebirth',
  'POST-/user/reset',
  'POST-/user/reroll',
  'DELETE-/user/messages/:id',
  'DELETE-/user/messages',
  'POST-/coupons/enter/:code',
];

// The v3 controllers are registered a second time here (minus the overrides),
// followed by the v4 controllers, and the result is mounted WITHOUT rateLimiter.
// NOTE(review): every v3 handler that is not overridden is thus reachable under
// /api/v4 with no throttling, as are the v4 controllers themselves. Confirm this
// is intentional; if the limit is meant to cover these handlers regardless of
// API version, rateLimiter has to be added to this mount as well.
app.use('/api/v4', buildRouter(
  [API_V3_CONTROLLERS_PATH, v4RouterOverrides],
  [API_V4_CONTROLLERS_PATH],
));

export default app;