diff options
author | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-07-02 18:55:18 +1000 |
---|---|---|
committer | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-07-02 18:55:18 +1000 |
commit | 519e55b7a5f2617749b07482ba70b75ef52cb068 (patch) | |
tree | 03197de33fbb724df59cf3c6ced8467427bd54ce /api | |
parent | Merge pull request #737 from fosscord/translation (diff) | |
download | server-519e55b7a5f2617749b07482ba70b75ef52cb068.tar.xz |
Skip check for rate limit bypass if no user id is provided
Diffstat (limited to 'api')
-rw-r--r-- | api/src/middlewares/RateLimit.ts | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/api/src/middlewares/RateLimit.ts b/api/src/middlewares/RateLimit.ts index ca6de98f..13f1602c 100644 --- a/api/src/middlewares/RateLimit.ts +++ b/api/src/middlewares/RateLimit.ts @@ -46,12 +46,14 @@ export default function rateLimit(opts: { }): any { return async (req: Request, res: Response, next: NextFunction): Promise<any> => { // exempt user? if so, immediately short circuit - const rights = await getRights(req.user_id); - if (rights.has("BYPASS_RATE_LIMITS")) return; - + if (req.user_id) { + const rights = await getRights(req.user_id); + if (rights.has("BYPASS_RATE_LIMITS")) return; + } + const bucket_id = opts.bucket || req.originalUrl.replace(API_PREFIX_TRAILING_SLASH, ""); var executor_id = getIpAdress(req); - if (!opts.onlyIp && req.user_id) executor_id = req.user_id; + if (!opts.onlyIp && req.user_id) executor_id = req.user_id; var max_hits = opts.count; if (opts.bot && req.user_bot) max_hits = opts.bot; @@ -161,7 +163,7 @@ export async function initRateLimits(app: Router) { app.use("/auth/register", rateLimit({ onlyIp: true, success: true, ...routes.auth.register })); } -async function hitRoute(opts: { executor_id: string; bucket_id: string; max_hits: number; window: number }) { +async function hitRoute(opts: { executor_id: string; bucket_id: string; max_hits: number; window: number; }) { const id = opts.executor_id + opts.bucket_id; var limit = Cache.get(id); if (!limit) { |