mirrors/cobalt
1
0
Fork 0
mirror of https://github.com/imputnet/cobalt.git synced 2025-12-14 12:15:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

merge: 10.9 from main
Some checks failed
CodeQL / Analyze (${{ matrix.language }}) (none, javascript-typescript) (push) Has been cancelled
Details
Run service tests / test service functionality (push) Has been cancelled
Details
Run tests / check lockfile correctness (push) Has been cancelled
Details
Run tests / web sanity check (push) Has been cancelled
Details
Run tests / api sanity check (push) Has been cancelled
Details
Run service tests / test service: ${{ matrix.service }} (push) Has been cancelled
Details

Browse Source
This commit is contained in:
wukko
2025-04-02 21:47:49 +06:00
parent 07d4393d27 fc050d78e2
commit 06bc51db54
25 changed files with 479 additions and 146 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
api/src/core/api.js
View File

@@ -75,8 +75,8 @@ export const runAPI = async (express, app, __dirname, isPrimary = true) => {
const keyGenerator = (req) => hashHmac(getIP(req), 'rate').toString('base64url');
const sessionLimiter = rateLimit({
windowMs: 60000,
limit: 10,
windowMs: env.sessionRateLimitWindow * 1000,
limit: env.sessionRateLimit,
standardHeaders: 'draft-6',
legacyHeaders: false,
keyGenerator,
@@ -92,7 +92,7 @@ export const runAPI = async (express, app, __dirname, isPrimary = true) => {
keyGenerator: req => req.rateLimitKey || keyGenerator(req),
store: await createStore('api'),
handler: handleRateExceeded
})
});
const apiTunnelLimiter = rateLimit({
windowMs: env.rateLimitWindow * 1000,
@@ -104,7 +104,7 @@ export const runAPI = async (express, app, __dirname, isPrimary = true) => {
handler: (_, res) => {
return res.sendStatus(429)
}
})
});
app.set('trust proxy', ['loopback', 'uniquelocal']);
@@ -176,7 +176,7 @@ export const runAPI = async (express, app, __dirname, isPrimary = true) => {
return fail(res, "error.api.auth.jwt.invalid");
}
if (!jwt.verify(token)) {
if (!jwt.verify(token, getIP(req, 32))) {
return fail(res, "error.api.auth.jwt.invalid");
}
@@ -222,7 +222,7 @@ export const runAPI = async (express, app, __dirname, isPrimary = true) => {
}
try {
res.json(jwt.generate());
res.json(jwt.generate(getIP(req, 32)));
} catch {
return fail(res, "error.api.generic");
}