From 2a873f38ebbec4fffaefd4405d3f6a4847ea8449 Mon Sep 17 00:00:00 2001
From: b1ek <me@blek.codes>
Date: Tue, 18 Apr 2023 10:42:16 +1000
Subject: [PATCH] add rate limits

---
 routes/upload.js | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/routes/upload.js b/routes/upload.js
index 3eaa852..ee00ded 100644
--- a/routes/upload.js
+++ b/routes/upload.js
@@ -3,23 +3,21 @@ const router = express.Router();
 const handler = require('express-async-handler');
 const content = require('../helpers/content');
 
-const memcache = require('memcached');
-const cache = new memcache(process.env.SESSION_MEMCACHE_HOST);
 const crypto = require('crypto');
 
 const { MAXFILES, APP_DEBUG, RATE_LIMIT } = process.env;
 
-let ratelimits = {};
+var ratelimits = {};
 
 async function upload(req, res) {
 
-    if (!ratelimits[req.ip])
-        ratelimits[req.ip] = Date.now();
+    let rate_lim = ratelimits[req.ip];
 
-    if (Date.now() - ratelimits[req.ip] < RATE_LIMIT) {
-        res.status(503).send('You are being rate limited.');
-        return;
-    }
+    if (rate_lim)
+        if (Date.now() - rate_lim < RATE_LIMIT) {
+            res.status(503).send('You are being rate limited.');
+            return;
+        }
 
     if (req.body['_csrf'] != req.session.csrf) {
         res.status(405).send('CSRF error');
@@ -50,6 +48,7 @@ async function upload(req, res) {
         return;
     }
 
+    ratelimits[req.ip] = Date.now();
     const id = await content.create(data);
     res.redirect(
         '/view?id=' + encodeURIComponent(id)