From d59be2bfb1b413cb48bfa3afde249d13fa4bcc14 Mon Sep 17 00:00:00 2001
From: Saahil
Date: Sun, 3 Nov 2024 18:08:22 -0500
Subject: [PATCH 1/3] feat: ratelimits

---
 hackclub-spotify-bot/package.json | 1 +
 hackclub-spotify-bot/src/index.js | 11 +++++++++++
 hackclub-spotify-bot/yarn.lock | 5 +++++
 3 files changed, 17 insertions(+)

diff --git a/hackclub-spotify-bot/package.json b/hackclub-spotify-bot/package.json
index 88833ad..6348300 100644
--- a/hackclub-spotify-bot/package.json
+++ b/hackclub-spotify-bot/package.json
@@ -12,6 +12,7 @@
 "dotenv": "^16.4.5",
 "ejs": "^3.1.10",
 "express": "^4.21.1",
+ "express-rate-limit": "^7.4.1",
 "express-session": "^1.18.1",
 "quick.db": "^9.1.7",
 "session-file-store": "^1.5.0",
diff --git a/hackclub-spotify-bot/src/index.js b/hackclub-spotify-bot/src/index.js
index 73170a1..f8bfd7b 100644
--- a/hackclub-spotify-bot/src/index.js
+++ b/hackclub-spotify-bot/src/index.js
@@ -2,6 +2,7 @@ const path = require("path");
 require("dotenv").config();
 const express = require("express");
 const session = require("express-session");
+const rateLimit = require('express-rate-limit');
 const FileStore = require("session-file-store")(session);
 const { InstallProvider, FileInstallationStore } = require("@slack/oauth");
 const {
@@ -184,6 +185,16 @@ app.get("/download/db", async (req, res) => {
 res.setHeader("Content-Disposition", 'attachment; filename="songs.csv"');
 res.send(csvData);
 });
+const limiter = rateLimit({
+ windowMs: 1 * 60 * 1000, // 1 minutes
+ limit: 5, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
+ standardHeaders: 'draft-7', // draft-6: `RateLimit-*` headers; draft-7: combined `RateLimit` header
+ legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
+ // store: ... , // Redis, Memcached, etc. See below.
+})
+
+// Apply the rate limiting middleware to all requests.
+app.use(limiter)
 app.post("/spotify/submitsong", async (req, res) => {
 if (!req.session.token) return res.redirect("/login");
 if (!cacheDb[req.query.token]) return res.redirect(`/home?error=0`);
diff --git a/hackclub-spotify-bot/yarn.lock b/hackclub-spotify-bot/yarn.lock
index 903ab61..adc3e53 100644
--- a/hackclub-spotify-bot/yarn.lock
+++ b/hackclub-spotify-bot/yarn.lock
@@ -536,6 +536,11 @@ expand-template@^2.0.3:
 resolved "https://registry.yarnpkg.com/expand-template/-/expand-template-2.0.3.tgz#6e14b3fcee0f3a6340ecb57d2e8918692052a47c"
 integrity sha512-XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg==
 
+express-rate-limit@^7.4.1:
+ version "7.4.1"
+ resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-7.4.1.tgz#90954ecbcde9e7ae7b5000325395f86991191d94"
+ integrity sha512-KS3efpnpIDVIXopMc65EMbWbUht7qvTCdtCR2dD/IZmi9MIkopYESwyRqLgv8Pfu589+KqDqOdzJWW7AHoACeg==
+
 express-session@^1.18.1:
 version "1.18.1"
 resolved "https://registry.yarnpkg.com/express-session/-/express-session-1.18.1.tgz#88d0bbd41878882840f24ec6227493fcb167e8d5"

From 380f9220135ad2121bb676175c1a6511bcf2e46d Mon Sep 17 00:00:00 2001
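Review bot: `app.use(limiter)` is registered after `app.get("/download/db", …)` and every route above it, so Express runs the limiter only for routes mounted after this line (`/spotify/submitsong` onward); the earlier routes, including the CSV download, remain unlimited and the comment "Apply the rate limiting middleware to all requests" overstates what happens. Either move `app.use(limiter);` above the first route registration (outside this hunk) or attach it per route, e.g. `app.post("/spotify/submitsong", limiter, async (req, res) => {`. The option comments are copied from the library example and contradict the values — `// 1 minutes` and `// Limit each IP to 100 requests per \`window\` (here, per 15 minutes).` sit next to `windowMs: 1 * 60 * 1000` and `limit: 5` — so replace them with `// 1 minute` and `// max 5 requests per IP per windowMs`. express-rate-limit buckets on `req.ip`; if this app sits behind a reverse proxy (not visible here), confirm Express `trust proxy` is set to the actual proxy hop count, since with it unset every client shares the proxy's address and with it set too broadly the client-controlled `X-Forwarded-For` header chooses the bucket. The same limiter block is reformatted without change by the patch 3/3 hunk `@@ -186,15 +186,15 @@`, where all of the above still applies.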
From: "zeon-neon[bot]" <136533918+zeon-neon[bot]@users.noreply.github.com>
Date: Sun, 3 Nov 2024 23:08:32 +0000
Subject: [PATCH 2/3] enhancement(lint): Fix lint errors for hackclub-spotify-bot/package.json

Co-authored-by: NeonGamerBot-QK
Signed-off-by: zeon-neon[bot] <136533918+zeon-neon[bot]@users.noreply.github.com>

From 6e06c8ed984c658167008557e23f984f61bff30c Mon Sep 17 00:00:00 2001
From: "zeon-neon[bot]" <136533918+zeon-neon[bot]@users.noreply.github.com>
Date: Sun, 3 Nov 2024 23:08:33 +0000
Subject: [PATCH 3/3] enhancement(lint): Fix lint errors for hackclub-spotify-bot/src/index.js

Co-authored-by: NeonGamerBot-QK
Signed-off-by: zeon-neon[bot] <136533918+zeon-neon[bot]@users.noreply.github.com>
---
 hackclub-spotify-bot/src/index.js | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/hackclub-spotify-bot/src/index.js b/hackclub-spotify-bot/src/index.js
index f8bfd7b..f6a01cb 100644
--- a/hackclub-spotify-bot/src/index.js
+++ b/hackclub-spotify-bot/src/index.js
@@ -2,7 +2,7 @@ const path = require("path");
 require("dotenv").config();
 const express = require("express");
 const session = require("express-session");
-const rateLimit = require('express-rate-limit');
+const rateLimit = require("express-rate-limit");
 const FileStore = require("session-file-store")(session);
 const { InstallProvider, FileInstallationStore } = require("@slack/oauth");
 const {
@@ -186,15 +186,15 @@ app.get("/download/db", async (req, res) => {
 res.send(csvData);
 });
 const limiter = rateLimit({
- windowMs: 1 * 60 * 1000, // 1 minutes
- limit: 5, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
- standardHeaders: 'draft-7', // draft-6: `RateLimit-*` headers; draft-7: combined `RateLimit` header
- legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
- // store: ... , // Redis, Memcached, etc. See below.
-})
+ windowMs: 1 * 60 * 1000, // 1 minutes
+ limit: 5, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
+ standardHeaders: "draft-7", // draft-6: `RateLimit-*` headers; draft-7: combined `RateLimit` header
+ legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
+ // store: ... , // Redis, Memcached, etc. See below.
+});
 
 // Apply the rate limiting middleware to all requests.
-app.use(limiter)
+app.use(limiter);
 app.post("/spotify/submitsong", async (req, res) => {
 if (!req.session.token) return res.redirect("/login");
 if (!cacheDb[req.query.token]) return res.redirect(`/home?error=0`);