krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-14 21:27:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
e7c8833c9a87af4387728959d830dbb2a22b8ee4
habitica/website/server/middlewares/redirects.js
Matteo Pagliazzi e7c8833c9a API v3 Rate Limiter (#12117) 
* simplify ip address management by using the trust proxy express option

* add setupExpress file

* fix redirects middleware tests

* fix lint

* short circuit the ip blocking middleware

* basic implementation with ip based limiting

* improve logging

* upgrade apidoc

* apidoc: add introduction section

* fix lint

* fix tests

* fix lint

* add unit tests for rate limiter

* do not send retry-after header when points are available

* automatically fix lint

* fix more lint issues

* use userId as key for rate limit when available
2020-07-18 15:00:09 +02:00

48 lines
1.3 KiB
JavaScript
Raw Blame History

import nconf from 'nconf';
import url from 'url';
const IS_PROD = nconf.get('IS_PROD');
const IGNORE_REDIRECT = nconf.get('IGNORE_REDIRECT') === 'true';
const BASE_URL = nconf.get('BASE_URL');
const HTTPS_BASE_URL = BASE_URL.indexOf('https') === 0;
// A secret key that if passed as req.query.skipSSLCheck allows to skip
// the redirects to SSL, used for health checks from the load balancer
const SKIP_SSL_CHECK_KEY = nconf.get('SKIP_SSL_CHECK_KEY');
const BASE_URL_HOST = url.parse(BASE_URL).hostname;
function isHTTP (req) {
return ( // eslint-disable-line no-extra-parens
req.protocol === 'http'
&& IS_PROD
&& HTTPS_BASE_URL === true
);
}
export function forceSSL (req, res, next) {
const { skipSSLCheck } = req.query;
if (
isHTTP(req)
&& (!SKIP_SSL_CHECK_KEY || !skipSSLCheck || skipSSLCheck !== SKIP_SSL_CHECK_KEY)
) {
return res.redirect(BASE_URL + req.originalUrl);
}
return next();
}
// Redirect to habitica for non-api urls
function nonApiUrl (req) {
return req.originalUrl.search(/\/api\//) === -1;
}
export function forceHabitica (req, res, next) {
if (IS_PROD && !IGNORE_REDIRECT && req.hostname !== BASE_URL_HOST && nonApiUrl(req) && req.method === 'GET') {
return res.redirect(301, BASE_URL + req.url);
}
return next();
}
Reference in New Issue View Git Blame Copy Permalink