From 391cf16c8766303119845c9eb9525e669927546f Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 16 May 2024 13:54:11 +0600
Subject: [PATCH] api: configurable rate limit through env

---
 src/core/api.js       | 10 +++++-----
 src/modules/config.js | 15 +++++++++++----
 2 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/src/core/api.js b/src/core/api.js
index 24b935fd..f31665aa 100644
--- a/src/core/api.js
+++ b/src/core/api.js
@@ -22,8 +22,8 @@ export function runAPI(express, app, gitCommit, gitBranch, __dirname) {
     };
 
     const apiLimiter = rateLimit({
-        windowMs: 60000,
-        max: 20,
+        windowMs: env.rateLimitWindow * 1000,
+        max: env.rateLimitMax || 20,
         standardHeaders: true,
         legacyHeaders: false,
         keyGenerator: req => generateHmac(getIP(req), ipSalt),
@@ -36,8 +36,8 @@ export function runAPI(express, app, gitCommit, gitBranch, __dirname) {
     })
 
     const apiLimiterStream = rateLimit({
-        windowMs: 60000,
-        max: 25,
+        windowMs: env.rateLimitWindow * 1000,
+        max: env.rateLimitMax || 20,
         standardHeaders: true,
         legacyHeaders: false,
         keyGenerator: req => generateHmac(getIP(req), ipSalt),
@@ -51,7 +51,7 @@ export function runAPI(express, app, gitCommit, gitBranch, __dirname) {
 
     app.set('trust proxy', ['loopback', 'uniquelocal']);
 
-    app.use('/api/:type', cors({
+    app.use('/api', cors({
         methods: ['GET', 'POST'],
         ...corsConfig
     }))
diff --git a/src/modules/config.js b/src/modules/config.js
index c66521e1..a8500747 100644
--- a/src/modules/config.js
+++ b/src/modules/config.js
@@ -28,18 +28,25 @@ const
 
     // API mode related environment variables
     apiEnvs = {
+        apiURL,
         apiPort: process.env.API_PORT || 9000,
         apiName: process.env.API_NAME || 'unknown',
+
         listenAddress: process.env.API_LISTEN_ADDRESS,
+        freebindCIDR: process.platform === 'linux' && process.env.FREEBIND_CIDR,
+
         corsWildcard: process.env.CORS_WILDCARD !== '0',
         corsURL: process.env.CORS_URL,
+
         cookiePath: process.env.COOKIE_PATH,
+        tiktokDeviceInfo: process.env.TIKTOK_DEVICE_INFO && JSON.parse(process.env.TIKTOK_DEVICE_INFO),
+
+        rateLimitWindow: (process.env.RATELIMIT_WINDOW  && parseInt(process.env.RATELIMIT_WINDOW)) || 60,
+        rateLimitMax: (process.env.RATELIMIT_MAX && parseInt(process.env.RATELIMIT_MAX)) || 20,
+
         processingPriority: process.platform !== 'win32'
                                 && process.env.PROCESSING_PRIORITY
-                                && parseInt(process.env.PROCESSING_PRIORITY),
-        tiktokDeviceInfo: process.env.TIKTOK_DEVICE_INFO && JSON.parse(process.env.TIKTOK_DEVICE_INFO),
-        freebindCIDR: process.platform === 'linux' && process.env.FREEBIND_CIDR,
-        apiURL
+                                && parseInt(process.env.PROCESSING_PRIORITY)
     }
 
 export const