mirror of
https://github.com/neongamerbot-qk/hackclub-nest
synced 2024-11-14 21:19:36 +00:00
feat: ratelimits
parent
f336ec37b3
commit
d59be2bfb1
3 changed files with 17 additions and 0 deletions
|
@ -12,6 +12,7 @@
|
||||||
"dotenv": "^16.4.5",
|
"dotenv": "^16.4.5",
|
||||||
"ejs": "^3.1.10",
|
"ejs": "^3.1.10",
|
||||||
"express": "^4.21.1",
|
"express": "^4.21.1",
|
||||||
|
"express-rate-limit": "^7.4.1",
|
||||||
"express-session": "^1.18.1",
|
"express-session": "^1.18.1",
|
||||||
"quick.db": "^9.1.7",
|
"quick.db": "^9.1.7",
|
||||||
"session-file-store": "^1.5.0",
|
"session-file-store": "^1.5.0",
|
||||||
|
|
|
@ -2,6 +2,7 @@ const path = require("path");
|
||||||
require("dotenv").config();
|
require("dotenv").config();
|
||||||
const express = require("express");
|
const express = require("express");
|
||||||
const session = require("express-session");
|
const session = require("express-session");
|
||||||
|
const rateLimit = require('express-rate-limit');
|
||||||
const FileStore = require("session-file-store")(session);
|
const FileStore = require("session-file-store")(session);
|
||||||
const { InstallProvider, FileInstallationStore } = require("@slack/oauth");
|
const { InstallProvider, FileInstallationStore } = require("@slack/oauth");
|
||||||
const {
|
const {
|
||||||
|
@ -184,6 +185,16 @@ app.get("/download/db", async (req, res) => {
|
||||||
res.setHeader("Content-Disposition", 'attachment; filename="songs.csv"');
|
res.setHeader("Content-Disposition", 'attachment; filename="songs.csv"');
|
||||||
res.send(csvData);
|
res.send(csvData);
|
||||||
});
|
});
|
||||||
|
const limiter = rateLimit({
|
||||||
|
windowMs: 1 * 60 * 1000, // 1 minutes
|
||||||
|
limit: 5, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
|
||||||
|
standardHeaders: 'draft-7', // draft-6: `RateLimit-*` headers; draft-7: combined `RateLimit` header
|
||||||
|
legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
|
||||||
|
// store: ... , // Redis, Memcached, etc. See below.
|
||||||
|
})
|
||||||
|
|
||||||
|
// Apply the rate limiting middleware to all requests.
|
||||||
|
app.use(limiter)
|
||||||
app.post("/spotify/submitsong", async (req, res) => {
|
app.post("/spotify/submitsong", async (req, res) => {
|
||||||
if (!req.session.token) return res.redirect("/login");
|
if (!req.session.token) return res.redirect("/login");
|
||||||
if (!cacheDb[req.query.token]) return res.redirect(`/home?error=0`);
|
if (!cacheDb[req.query.token]) return res.redirect(`/home?error=0`);
|
||||||
|
|
|
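Review bot: `app.use(limiter)` is registered after routes that already exist higher in the file, and Express runs middleware only for routes registered after it, so the comment "Apply the rate limiting middleware to all requests" does not hold: the `/download/db` handler whose closing lines sit just above the new block, and any other route defined earlier (outside this hunk), stays unlimited. Either move the `rateLimit({...})` block and `app.use(limiter)` above the first route, or, if only song submission is meant to be throttled, attach it per route as `app.post("/spotify/submitsong", limiter, async (req, res) => {`. The inline comment on `limit: 5` still describes 100 requests per 15 minutes and should read `limit: 5, // Limit each IP to 5 requests per window (here, per 1 minute).`. If the app is deployed behind a reverse proxy (not visible here), Express's `trust proxy` setting also needs to be configured, otherwise every client is keyed on the proxy address and shares the one 5-request budget.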
@ -536,6 +536,11 @@ expand-template@^2.0.3:
|
||||||
resolved "https://registry.yarnpkg.com/expand-template/-/expand-template-2.0.3.tgz#6e14b3fcee0f3a6340ecb57d2e8918692052a47c"
|
resolved "https://registry.yarnpkg.com/expand-template/-/expand-template-2.0.3.tgz#6e14b3fcee0f3a6340ecb57d2e8918692052a47c"
|
||||||
integrity sha512-XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg==
|
integrity sha512-XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg==
|
||||||
|
|
||||||
|
express-rate-limit@^7.4.1:
|
||||||
|
version "7.4.1"
|
||||||
|
resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-7.4.1.tgz#90954ecbcde9e7ae7b5000325395f86991191d94"
|
||||||
|
integrity sha512-KS3efpnpIDVIXopMc65EMbWbUht7qvTCdtCR2dD/IZmi9MIkopYESwyRqLgv8Pfu589+KqDqOdzJWW7AHoACeg==
|
||||||
|
|
||||||
express-session@^1.18.1:
|
express-session@^1.18.1:
|
||||||
version "1.18.1"
|
version "1.18.1"
|
||||||
resolved "https://registry.yarnpkg.com/express-session/-/express-session-1.18.1.tgz#88d0bbd41878882840f24ec6227493fcb167e8d5"
|
resolved "https://registry.yarnpkg.com/express-session/-/express-session-1.18.1.tgz#88d0bbd41878882840f24ec6227493fcb167e8d5"
|
||||||
|
|