mirror of
https://github.com/strapi/strapi.git
synced 2026-06-02 16:27:47 +00:00
fix: start implementing route checking within rate limit middleware
This commit is contained in:
@@ -21,18 +21,36 @@ module.exports =
|
||||
rateLimitConfig.enabled = true;
|
||||
}
|
||||
|
||||
if (rateLimitConfig.enabled === true) {
|
||||
const rateLimit = require('koa2-ratelimit').RateLimit;
|
||||
|
||||
const getPrefixKey = () => {
|
||||
const userIdentifier = toLower(ctx.request.body.email) || 'unknownIdentifier';
|
||||
const requestPath = isString(ctx.request.path)
|
||||
? toLower(path.normalize(ctx.request.path))
|
||||
: 'invalidPath';
|
||||
|
||||
console.log(requestPath);
|
||||
|
||||
// specifically look through routes the middleware is enabled on and remove the `userIdentifier` from the prefixKey in those cases
|
||||
// this won't help with user's who inject this middleware into custom routes but they can manually define the prefixKey to fit their needs
|
||||
|
||||
const routesWithoutIdentifier = [
|
||||
// todo, add the routes here manually and statically for now. In the future we could probably base it on types
|
||||
// but that would require more work to extract those routes at this point
|
||||
];
|
||||
|
||||
if (requestPath in routesWithoutIdentifier) {
|
||||
return `noIdentifier:${requestPath}:${ctx.request.ip}`;
|
||||
}
|
||||
|
||||
return `${userIdentifier}:${requestPath}:${ctx.request.ip}`;
|
||||
};
|
||||
|
||||
if (rateLimitConfig.enabled === true) {
|
||||
const rateLimit = require('koa2-ratelimit').RateLimit;
|
||||
|
||||
const loadConfig = {
|
||||
interval: { min: 5 },
|
||||
max: 5,
|
||||
prefixKey: `${userIdentifier}:${requestPath}:${ctx.request.ip}`,
|
||||
prefixKey: getPrefixKey(),
|
||||
handler() {
|
||||
throw new RateLimitError();
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user