feat(server): rate limit all routes (#4561)

Apoorv Mishra
2022-12-10 19:17:18 +05:30
committed by GitHub
parent 053d10d893
commit 5c842087a5
3 changed files with 4 additions and 5 deletions


@@ -17,6 +17,7 @@ import Logger from "./logging/Logger";
import services from "./services";
import { getArg } from "./utils/args";
import { getSSLOptions } from "./utils/ssl";
import { defaultRateLimiter } from "@server/middlewares/rateLimiter";
import {
checkEnv,
checkMigrations,
@@ -84,6 +85,9 @@ async function start(id: number, disconnect: () => void) {
// catch errors in one place, automatically set status and response headers
onerror(app);
// Apply default rate limit to all routes
app.use(defaultRateLimiter());
// install health check endpoint for all services
router.get("/_health", (ctx) => (ctx.body = "OK"));
app.use(router.routes());
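Review bot: `app.use(defaultRateLimiter());` is mounted ahead of the `/_health` route in `start`, so health probes now count against the default limit and can be throttled instead of answered with "OK". If the limiter keys on client address (its implementation is not visible here), every probe from one load balancer or orchestrator shares a bucket, and an instance could be marked unhealthy under normal polling. Consider exempting that path inside the limiter, or, assuming this `router` carries only the health route, placing `app.use(router.routes());` before `app.use(defaultRateLimiter());`. Either way, a comment such as `// health check is intentionally (not) rate limited` would record the decision. `start` begins and ends outside this hunk, so middleware registered later is not visible here.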


@@ -4,7 +4,6 @@ import Router from "koa-router";
import userAgent, { UserAgentContext } from "koa-useragent";
import env from "@server/env";
import { NotFoundError } from "@server/errors";
import { defaultRateLimiter } from "@server/middlewares/rateLimiter";
import { AuthenticatedState } from "@server/types";
import apiKeys from "./apiKeys";
import attachments from "./attachments";
@@ -89,8 +88,6 @@ router.get("*", (ctx) => {
ctx.throw(NotFoundError("Endpoint not found"));
});
api.use(defaultRateLimiter());
// Router is embedded in a Koa application wrapper, because koa-router does not
// allow middleware to catch any routes which were not explicitly defined.
api.use(router.routes());


@@ -5,7 +5,6 @@ import bodyParser from "koa-body";
import Router from "koa-router";
import { AuthenticationError } from "@server/errors";
import auth from "@server/middlewares/authentication";
import { defaultRateLimiter } from "@server/middlewares/rateLimiter";
import { Collection, Team, View } from "@server/models";
import providers from "./providers";
@@ -13,7 +12,6 @@ const app = new Koa();
const router = new Router();
router.use(passport.initialize());
router.use(defaultRateLimiter());
// dynamically load available authentication provider routes
providers.forEach((provider) => {