yetangitu/Peertube
1
0
Fork 0
mirror of https://github.com/Chocobozzz/PeerTube.git synced 2025-10-05 02:39:33 +02:00
Code Issues Releases Wiki Activity

Fix runner api rate limit bypass

Browse source
This commit is contained in:
Chocobozzz 2023-06-20 14:17:34 +02:00
parent 923e41fa4f
commit e915cde30e
No known key found for this signature in database
GPG key ID: 583A612D890159BE
26 changed files with 122 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

11
server/controllers/api/index.ts
View file

@ -1,9 +1,8 @@
import cors from 'cors'
import express from 'express'
import { buildRateLimiter } from '@server/middlewares'
import { HttpStatusCode } from '../../../shared/models'
import { badRequest } from '../../helpers/express-utils'
import { CONFIG } from '../../initializers/config'
import { abuseRouter } from './abuse'
import { accountsRouter } from './accounts'
import { blocklistRouter } from './blocklist'
@ -32,12 +31,6 @@ apiRouter.use(cors({
credentials: true
}))
const apiRateLimiter = buildRateLimiter({
windowMs: CONFIG.RATES_LIMIT.API.WINDOW_MS,
max: CONFIG.RATES_LIMIT.API.MAX
})
apiRouter.use(apiRateLimiter)
apiRouter.use('/server', serverRouter)
apiRouter.use('/abuses', abuseRouter)
apiRouter.use('/bulk', bulkRouter)
@ -57,6 +50,8 @@ apiRouter.use('/plugins', pluginRouter)
apiRouter.use('/custom-pages', customPageRouter)
apiRouter.use('/blocklist', blocklistRouter)
apiRouter.use('/runners', runnersRouter)
// apiRouter.use(apiRateLimiter)
apiRouter.use('/ping', pong)
apiRouter.use('/*', badRequest)