add rate limits

b1ek 2023-04-18 10:42:16 +10:00
parent c9e9debd70
commit 2a873f38eb
Signed by: blek
GPG Key ID: 14546221E3595D0C
1 changed files with 8 additions and 9 deletions


@ -3,23 +3,21 @@ const router = express.Router();
const handler = require('express-async-handler'); const handler = require('express-async-handler');
const content = require('../helpers/content'); const content = require('../helpers/content');
const memcache = require('memcached');
const cache = new memcache(process.env.SESSION_MEMCACHE_HOST);
const crypto = require('crypto'); const crypto = require('crypto');
const { MAXFILES, APP_DEBUG, RATE_LIMIT } = process.env; const { MAXFILES, APP_DEBUG, RATE_LIMIT } = process.env;
let ratelimits = {}; var ratelimits = {};
async function upload(req, res) { async function upload(req, res) {
if (!ratelimits[req.ip]) let rate_lim = ratelimits[req.ip];
ratelimits[req.ip] = Date.now();
if (Date.now() - ratelimits[req.ip] < RATE_LIMIT) { if (rate_lim)
res.status(503).send('You are being rate limited.'); if (Date.now() - rate_lim < RATE_LIMIT) {
return; res.status(503).send('You are being rate limited.');
} return;
}
if (req.body['_csrf'] != req.session.csrf) { if (req.body['_csrf'] != req.session.csrf) {
res.status(405).send('CSRF error'); res.status(405).send('CSRF error');
@ -50,6 +48,7 @@ async function upload(req, res) {
return; return;
} }
ratelimits[req.ip] = Date.now();
const id = await content.create(data); const id = await content.create(data);
res.redirect( res.redirect(
'/view?id=' + encodeURIComponent(id) '/view?id=' + encodeURIComponent(id)
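Review bot: The new check at the top of `upload` fails open when `RATE_LIMIT` is unset or not numeric, because it is taken from `process.env` as a string and `Date.now() - rate_lim < RATE_LIMIT` is always false against `NaN`. Parse it once at module load, e.g. `const RATE_LIMIT_MS = Number.parseInt(RATE_LIMIT, 10);`, and refuse to start or fall back to a default when `!Number.isFinite(RATE_LIMIT_MS)`. The `ratelimits` object is never pruned and is local to one process, so it grows by one key per distinct `req.ip` and is neither shared between workers nor kept across restarts; a `Map` with eviction of entries older than the window would at least bound the memory. The timestamp is written only just before `content.create`, so requests arriving together may all pass the check if anything between the two hunks awaits; those lines of `upload` are outside the hunks shown. A `429` with a `Retry-After` header is the conventional response here rather than `503`.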