summary refs log tree commit diff
path: root/api
diff options
context:
space:
mode:
authorMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2022-07-02 18:55:18 +1000
committerMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2022-07-02 18:55:18 +1000
commit519e55b7a5f2617749b07482ba70b75ef52cb068 (patch)
tree03197de33fbb724df59cf3c6ced8467427bd54ce /api
parentMerge pull request #737 from fosscord/translation (diff)
downloadserver-519e55b7a5f2617749b07482ba70b75ef52cb068.tar.xz
Skip check for rate limit bypass if no user id is provided
Diffstat (limited to 'api')
-rw-r--r--api/src/middlewares/RateLimit.ts12
1 files changed, 7 insertions, 5 deletions
diff --git a/api/src/middlewares/RateLimit.ts b/api/src/middlewares/RateLimit.ts
index ca6de98f..13f1602c 100644
--- a/api/src/middlewares/RateLimit.ts
+++ b/api/src/middlewares/RateLimit.ts
@@ -46,12 +46,14 @@ export default function rateLimit(opts: {
 }): any {
 	return async (req: Request, res: Response, next: NextFunction): Promise<any> => {
 		// exempt user? if so, immediately short circuit
-		const rights = await getRights(req.user_id);
-		if (rights.has("BYPASS_RATE_LIMITS")) return;
-		
+		if (req.user_id) {
+			const rights = await getRights(req.user_id);
+			if (rights.has("BYPASS_RATE_LIMITS")) return;
+		}
+
 		const bucket_id = opts.bucket || req.originalUrl.replace(API_PREFIX_TRAILING_SLASH, "");
 		var executor_id = getIpAdress(req);
-		if (!opts.onlyIp && req.user_id) executor_id = req.user_id;		
+		if (!opts.onlyIp && req.user_id) executor_id = req.user_id;
 
 		var max_hits = opts.count;
 		if (opts.bot && req.user_bot) max_hits = opts.bot;
@@ -161,7 +163,7 @@ export async function initRateLimits(app: Router) {
 	app.use("/auth/register", rateLimit({ onlyIp: true, success: true, ...routes.auth.register }));
 }
 
-async function hitRoute(opts: { executor_id: string; bucket_id: string; max_hits: number; window: number }) {
+async function hitRoute(opts: { executor_id: string; bucket_id: string; max_hits: number; window: number; }) {
 	const id = opts.executor_id + opts.bucket_id;
 	var limit = Cache.get(id);
 	if (!limit) {