chore: Rate limiter audit (#3965)

* chore: Rate limiter audit api/users

* Make requests required

* api/collections

* Remove checkRateLimit on FileOperation (now done at route level through rate limiter)

* auth rate limit

* Add metric logging when rate limit exceeded

* Refactor to shared configs

* test
Tom Moor
2022-08-14 16:04:04 +01:00
committed by GitHub
parent 9338328a82
commit a326e0ee88
14 changed files with 367 additions and 282 deletions


@@ -5,7 +5,7 @@ import env from "@server/env";
import { NotFoundError } from "@server/errors";
import errorHandling from "@server/middlewares/errorHandling";
import methodOverride from "@server/middlewares/methodOverride";
import { rateLimiter } from "@server/middlewares/rateLimiter";
import { defaultRateLimiter } from "@server/middlewares/rateLimiter";
import apiKeys from "./apiKeys";
import attachments from "./attachments";
import auth from "./auth";
@@ -81,7 +81,7 @@ router.post("*", (ctx) => {
ctx.throw(NotFoundError("Endpoint not found"));
});
api.use(rateLimiter());
api.use(defaultRateLimiter());
// Router is embedded in a Koa application wrapper, because koa-router does not
// allow middleware to catch any routes which were not explicitly defined.