diff --git a/src/middlewares/Authentication.ts b/src/middlewares/Authentication.ts
index 5a1241f3..8fbae122 100644
--- a/src/middlewares/Authentication.ts
+++ b/src/middlewares/Authentication.ts
@@ -19,7 +19,7 @@ export function Authentication(req: Request, res: Response, next: NextFunction)
if (NO_AUTHORIZATION_ROUTES.includes(req.url)) return next();
if (!req.headers.authorization) return next(new HTTPError("Missing Authorization Header", 401));
- return jwt.verify(req.headers.authorization, Config.get().server.jwtSecret, JWTOptions, (err, decoded: any) => {
+ return jwt.verify(req.headers.authorization, Config.get().security.jwtSecret, JWTOptions, (err, decoded: any) => {
if (err || !decoded) return next(new HTTPError("Invalid Token", 401));
req.token = decoded;
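Review bot: The verify callback on the new line still declares `decoded: any`, and the next lines store it on `req.token` after only a truthiness check, so every later handler trusts whatever claim shape the token carried. Typing it as `decoded: unknown` and checking the expected claims before `req.token = decoded;` would make that assumption explicit. `JWTOptions` is defined outside this hunk, so whether it pins `algorithms` cannot be confirmed from here; a comment such as `// JWTOptions must pin the accepted algorithms` beside the call would record the requirement. The body of `Authentication` continues past the end of the hunk.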
diff --git a/src/middlewares/BodyParser.ts b/src/middlewares/BodyParser.ts
new file mode 100644
index 00000000..b0ff699d
--- /dev/null
+++ b/src/middlewares/BodyParser.ts
@@ -0,0 +1,17 @@
+import bodyParser, { OptionsJson } from "body-parser";
+import { NextFunction, Request, Response } from "express";
+import { HTTPError } from "lambert-server";
+
+export function BodyParser(opts?: OptionsJson) {
+ const jsonParser = bodyParser.json(opts);
+
+ return (req: Request, res: Response, next: NextFunction) => {
+ jsonParser(req, res, (err) => {
+ if (err) {
+ // TODO: different errors for body parser (request size limit, wrong body type, invalid body, ...)
+ return next(new HTTPError("Invalid Body", 400));
+ }
+ next();
+ });
+ };
+}
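Review bot: Every parser failure in the `if (err)` branch becomes a 400 "Invalid Body", so an oversized request looks the same to clients and in logs as malformed JSON, and the original error is discarded. body-parser errors carry a `type` field, so the size case can be split out with `const status = err.type === "entity.too.large" ? 413 : 400;` followed by `return next(new HTTPError("Invalid Body", status));`, which covers the first item of the TODO. Logging `err.type` before calling `next` would also keep the signal needed to spot clients that keep sending oversized or malformed bodies. The exported `BodyParser` has no doc comment; a short one such as `/** JSON body parser that reports parse failures as HTTPError instead of the raw body-parser error. */` would help.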
diff --git a/src/middlewares/GlobalRateLimit.ts b/src/middlewares/GlobalRateLimit.ts
index 5c5f690a..8fbfbd5c 100644
--- a/src/middlewares/GlobalRateLimit.ts
+++ b/src/middlewares/GlobalRateLimit.ts
@@ -3,16 +3,16 @@ import Config from "../util/Config";
import db from "../util/Database";
export async function GlobalRateLimit(req: Request, res: Response, next: NextFunction) {
- if (!Config.get().server.ipRateLimit.enabled) return next();
+ if (!Config.get().limits.rate.ip.enabled) return next();
const ip = getIpAdress(req);
let limit = (await db.data.ratelimit.global[ip].get()) || { start: Date.now(), count: 0 };
- if (limit.start < Date.now() - Config.get().server.ipRateLimit.timespan) {
+ if (limit.start < Date.now() - Config.get().limits.rate.ip.timespan) {
limit.start = Date.now();
limit.count = 0;
}
- if (limit.count > Config.get().server.ipRateLimit.count) {
+ if (limit.count > Config.get().limits.rate.ip.count) {
const timespan = Date.now() - limit.start;
return res
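Review bot: The check `if (limit.count > Config.get().limits.rate.ip.count)` appears to allow one request more than the configured count, assuming the counter is incremented after this check; that increment is outside the hunk, so this needs confirming, and if it holds `>=` would match the setting. The record is also read with `get()` here and presumably written back later, so concurrent requests from one address may all see the same count; an atomic increment in the store would close that gap. As a style point, the three `Config.get().limits.rate.ip` lookups could be one `const { enabled, timespan, count } = Config.get().limits.rate.ip;` at the top, so that all three values come from the same config snapshot.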
@@ -37,7 +37,7 @@ export async function GlobalRateLimit(req: Request, res: Response, next: NextFun
}
export function getIpAdress(req: Request): string {
- const { forwadedFor } = Config.get().server;
+ const { forwadedFor } = Config.get().security;
const ip = forwadedFor ? <string>req.headers[forwadedFor] : req.ip;
return ip.replaceAll(".", "_").replaceAll(":", "_");
}
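Review bot: `getIpAdress` casts `req.headers[forwadedFor]` to `string` and uses it as the rate-limit key, but the value can be undefined, an array, or a comma-separated list, and it is client-controlled unless the proxy overwrites it. A missing header makes `ip.replaceAll` throw. Node lower-cases header names, so a configured `X-Forwarded-For` would never match. Any other string becomes a key under `db.data.ratelimit.global`, which lets a caller choose its own bucket. The function should normalise the lookup, take the entry the nearest trusted proxy added, accept only characters that can occur in an IP literal, and fall back to `req.ip` otherwise. Which list entry to trust depends on the proxy topology, so the sketch below assumes a single trusted proxy that appends to the header.

```typescript
export function getIpAdress(req: Request): string {
	const { forwadedFor } = Config.get().security;
	// Node lower-cases incoming header names, so normalise the configured name before the lookup.
	const raw = forwadedFor ? req.headers[forwadedFor.toLowerCase()] : undefined;
	const joined = Array.isArray(raw) ? raw.join(",") : raw;
	// Assumes one trusted proxy that appends: the last entry is the one it added.
	const candidate = joined?.split(",").pop()?.trim();
	// Accept only characters that occur in an IP literal; otherwise use the socket address.
	const ip = candidate && /^[0-9a-fA-F.:]+$/.test(candidate) ? candidate : req.ip;
	return ip.replaceAll(".", "_").replaceAll(":", "_");
}
```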