api: upgrade express-rate-limit to v7, reuse key generator

2024-11-01 12:54:16 +00:00 · 2024-11-01 12:54:16 +00:00 · d466f8a4af
commit d466f8a4af
parent 693204b799
3 changed files with 20 additions and 18 deletions
--- a/api/package.json
+++ b/api/package.json
@ -31,7 +31,7 @@
        "dotenv": "^16.0.1",
        "esbuild": "^0.14.51",
        "express": "^4.21.0",
-        "express-rate-limit": "^6.3.0",
+        "express-rate-limit": "^7.4.1",
        "ffmpeg-static": "^5.1.0",
        "hls-parser": "^0.10.7",
        "ipaddr.js": "2.2.0",
--- a/api/src/core/api.js
+++ b/api/src/core/api.js
@ -68,31 +68,33 @@ export const runAPI = (express, app, __dirname, isPrimary = true) => {
        return res.status(status).json(body);
    };

+    const keyGenerator = (req) => hashHmac(getIP(req), 'rate').toString('base64url');
+
    const sessionLimiter = rateLimit({
        windowMs: 60000,
-        max: 10,
-        standardHeaders: true,
+        limit: 10,
+        standardHeaders: 'draft-6',
        legacyHeaders: false,
-        keyGenerator: req => hashHmac(getIP(req), 'rate'),
+        keyGenerator,
        handler: handleRateExceeded
    });

    const apiLimiter = rateLimit({
        windowMs: env.rateLimitWindow * 1000,
-        max: (req) => req.rateLimitMax || env.rateLimitMax,
-        standardHeaders: true,
+        limit: (req) => req.rateLimitMax || env.rateLimitMax,
+        standardHeaders: 'draft-6',
        legacyHeaders: false,
-        keyGenerator: req => req.rateLimitKey || hashHmac(getIP(req), 'rate'),
+        keyGenerator: req => req.rateLimitKey || keyGenerator(req),
        handler: handleRateExceeded
    })

    const apiTunnelLimiter = rateLimit({
        windowMs: env.rateLimitWindow * 1000,
-        max: (req) => req.rateLimitMax || env.rateLimitMax,
-        standardHeaders: true,
+        limit: (req) => req.rateLimitMax || env.rateLimitMax,
+        standardHeaders: 'draft-6',
        legacyHeaders: false,
-        keyGenerator: req => req.rateLimitKey || hashHmac(getIP(req), 'rate'),
-        handler: (req, res) => {
+        keyGenerator: req => req.rateLimitKey || keyGenerator(req),
+        handler: (_, res) => {
            return res.sendStatus(429)
        }
    })
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -32,8 +32,8 @@ importers:
        specifier: ^4.21.0
        version: 4.21.0
      express-rate-limit:
-        specifier: ^6.3.0
-        version: 6.11.2(express@4.21.0)
+        specifier: ^7.4.1
+        version: 7.4.1(express@4.21.0)
      ffmpeg-static:
        specifier: ^5.1.0
        version: 5.2.0
@ -1298,11 +1298,11 @@ packages:
    resolution: {integrity: sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==}
    engines: {node: '>=10'}

-  express-rate-limit@6.11.2:
-    resolution: {integrity: sha512-a7uwwfNTh1U60ssiIkuLFWHt4hAC5yxlLGU2VP0X4YNlyEDZAqF4tK3GD3NSitVBrCQmQ0++0uOyFOgC2y4DDw==}
-    engines: {node: '>= 14'}
+  express-rate-limit@7.4.1:
+    resolution: {integrity: sha512-KS3efpnpIDVIXopMc65EMbWbUht7qvTCdtCR2dD/IZmi9MIkopYESwyRqLgv8Pfu589+KqDqOdzJWW7AHoACeg==}
+    engines: {node: '>= 16'}
    peerDependencies:
-      express: ^4 || ^5
+      express: 4 || 5 || ^5.0.0-beta.1

  express@4.21.0:
    resolution: {integrity: sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==}
@ -3341,7 +3341,7 @@ snapshots:
      signal-exit: 3.0.7
      strip-final-newline: 2.0.0

-  express-rate-limit@6.11.2(express@4.21.0):
+  express-rate-limit@7.4.1(express@4.21.0):
    dependencies:
      express: 4.21.0