Compare commits
2 commits
f0d5f46199
...
030e43f382
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
030e43f382 | ||
|
|
f081a7fdc1 |
1 changed files with 27 additions and 6 deletions
|
|
@ -1,10 +1,14 @@
|
|||
const { rateLimit, RateLimitRequestHandler } = require('express-rate-limit')
|
||||
const Logger = require('../Logger')
|
||||
const requestIp = require('../libs/requestIp')
|
||||
|
||||
/**
|
||||
* Factory for creating authentication rate limiters
|
||||
*/
|
||||
class RateLimiterFactory {
|
||||
static DEFAULT_WINDOW_MS = 10 * 60 * 1000 // 10 minutes
|
||||
static DEFAULT_MAX = 40 // 40 attempts
|
||||
|
||||
constructor() {
|
||||
this.authRateLimiter = null
|
||||
}
|
||||
|
|
@ -18,17 +22,30 @@ class RateLimiterFactory {
|
|||
return this.authRateLimiter
|
||||
}
|
||||
|
||||
let windowMs = 10 * 60 * 1000 // 10 minutes default
|
||||
// Disable by setting max to 0
|
||||
if (process.env.RATE_LIMIT_AUTH_MAX === '0') {
|
||||
this.authRateLimiter = (req, res, next) => next()
|
||||
Logger.info(`[RateLimiterFactory] Authentication rate limiting disabled by ENV variable`)
|
||||
return this.authRateLimiter
|
||||
}
|
||||
|
||||
let windowMs = RateLimiterFactory.DEFAULT_WINDOW_MS
|
||||
if (parseInt(process.env.RATE_LIMIT_AUTH_WINDOW) > 0) {
|
||||
windowMs = parseInt(process.env.RATE_LIMIT_AUTH_WINDOW)
|
||||
if (windowMs !== RateLimiterFactory.DEFAULT_WINDOW_MS) {
|
||||
Logger.info(`[RateLimiterFactory] Authentication rate limiting window set to ${windowMs}ms by ENV variable`)
|
||||
}
|
||||
}
|
||||
|
||||
let max = 40 // 40 attempts default
|
||||
let max = RateLimiterFactory.DEFAULT_MAX
|
||||
if (parseInt(process.env.RATE_LIMIT_AUTH_MAX) > 0) {
|
||||
max = parseInt(process.env.RATE_LIMIT_AUTH_MAX)
|
||||
if (max !== RateLimiterFactory.DEFAULT_MAX) {
|
||||
Logger.info(`[RateLimiterFactory] Authentication rate limiting max set to ${max} by ENV variable`)
|
||||
}
|
||||
}
|
||||
|
||||
let message = 'Too many requests, please try again later.'
|
||||
let message = 'Too many authentication requests'
|
||||
if (process.env.RATE_LIMIT_AUTH_MESSAGE) {
|
||||
message = process.env.RATE_LIMIT_AUTH_MESSAGE
|
||||
}
|
||||
|
|
@ -36,18 +53,22 @@ class RateLimiterFactory {
|
|||
this.authRateLimiter = rateLimit({
|
||||
windowMs,
|
||||
max,
|
||||
message,
|
||||
standardHeaders: true,
|
||||
legacyHeaders: false,
|
||||
keyGenerator: (req) => {
|
||||
// Override keyGenerator to handle proxy IPs
|
||||
return requestIp.getClientIp(req) || req.ip
|
||||
},
|
||||
handler: (req, res) => {
|
||||
const userAgent = req.get('User-Agent') || 'Unknown'
|
||||
const endpoint = req.path
|
||||
const method = req.method
|
||||
const ip = requestIp.getClientIp(req) || req.ip
|
||||
|
||||
Logger.warn(`[RateLimiter] Rate limit exceeded - IP: ${req.ip}, Endpoint: ${method} ${endpoint}, User-Agent: ${userAgent}`)
|
||||
Logger.warn(`[RateLimiter] Rate limit exceeded - IP: ${ip}, Endpoint: ${method} ${endpoint}, User-Agent: ${userAgent}`)
|
||||
|
||||
res.status(429).json({
|
||||
error: 'Too many authentication attempts, please try again later.'
|
||||
error: message
|
||||
})
|
||||
}
|
||||
})
|
||||
|
|
|
|||
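Review bot: The `RATE_LIMIT_AUTH_MAX === '0'` branch switches off a brute-force protection but records that with `Logger.info`, which is easy to miss in a log review; it should be `Logger.warn(`[RateLimiterFactory] Authentication rate limiting disabled by ENV variable`)`. In the last hunk the new `ip` that replaces `req.ip` in the 429 warn line comes from `requestIp.getClientIp(req)`; if that helper (not shown here) reads forwarded headers, the logged address is whatever the client chose to send, so keeping the socket address in the message, `IP: ${ip} (socket: ${req.ip})`, keeps the entry attributable when the forwarded value cannot be trusted. The `parseInt` calls on the two environment variables should pass a radix and run once rather than twice, e.g. `const windowEnv = parseInt(process.env.RATE_LIMIT_AUTH_WINDOW, 10)` followed by `if (windowEnv > 0) windowMs = windowEnv`. The enclosing method begins before the second hunk and its closing brace lies outside the third.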