From 57c9836f5634b3be162895344f20fb0cd7191e8f Mon Sep 17 00:00:00 2001
From: dumbmoron <log@riseup.net>
Date: Mon, 9 Sep 2024 14:21:15 +0000
Subject: [PATCH] api/core: move ratelimiters before authentication handler

---
 api/src/core/api.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/api/src/core/api.js b/api/src/core/api.js
index c96c1cf1..51ec1697 100644
--- a/api/src/core/api.js
+++ b/api/src/core/api.js
@@ -102,6 +102,9 @@ export const runAPI = (express, app, __dirname) => {
         ...corsConfig,
     }));
 
+    app.post('/', apiLimiter);
+    app.use('/tunnel', apiLimiterStream);
+
     app.post('/', (req, res, next) => {
         if (!env.turnstileSecret || !env.jwtSecret) {
             return next();
@@ -140,9 +143,6 @@ export const runAPI = (express, app, __dirname) => {
         next();
     });
 
-    app.post('/', apiLimiter);
-    app.use('/tunnel', apiLimiterStream);
-
     app.use('/', express.json({ limit: 1024 }));
     app.use('/', (err, _, res, next) => {
         if (err) {