mirror of
https://github.com/qwertyforce/scenery.git
synced 2025-05-31 11:42:35 +00:00
pm2 + api_router rate limiter + fixes
parent
4b4a9e1ed4
commit
69b40ef49d
1172
package-lock.json
generated
1172
package-lock.json
generated
File diff suppressed because it is too large
@ -30,6 +30,7 @@
|
|||||||
"mongodb": "^3.6.1",
|
"mongodb": "^3.6.1",
|
||||||
"next": "latest",
|
"next": "latest",
|
||||||
"nodemailer": "^6.4.11",
|
"nodemailer": "^6.4.11",
|
||||||
|
"pm2": "^4.4.1",
|
||||||
"prop-types": "^15.7.2",
|
"prop-types": "^15.7.2",
|
||||||
"react": "^16.13.1",
|
"react": "^16.13.1",
|
||||||
"react-dom": "^16.13.1",
|
"react-dom": "^16.13.1",
|
||||||
|
@ -16,8 +16,7 @@ import config from '../config/config'
|
|||||||
|
|
||||||
const PASS_MIN = 8;
|
const PASS_MIN = 8;
|
||||||
const PASS_MAX = 128;
|
const PASS_MAX = 128;
|
||||||
|
const port = parseInt(process.env.NODE_PORT||"80")
|
||||||
const port = 80
|
|
||||||
const dev = process.env.NODE_ENV !== 'production'
|
const dev = process.env.NODE_ENV !== 'production'
|
||||||
const next_app = next({ dev })
|
const next_app = next({ dev })
|
||||||
const handle = next_app.getRequestHandler()
|
const handle = next_app.getRequestHandler()
|
||||||
@ -35,13 +34,13 @@ import update_image_data from './routes/update_image_data'
|
|||||||
import import_from_derpi from './routes/import_from_derpi'
|
import import_from_derpi from './routes/import_from_derpi'
|
||||||
next_app.prepare().then(() => {
|
next_app.prepare().then(() => {
|
||||||
const app = express()
|
const app = express()
|
||||||
|
const api_router=express.Router()
|
||||||
const limiter = rateLimit({
|
const limiter = rateLimit({
|
||||||
windowMs: 15 * 60 * 1000, // 15 minutes
|
windowMs: 15 * 60, // 15 minutes
|
||||||
max: 1000000 // limit each IP to 100 requests per windowMs
|
max: 200 // limit each IP to w00 requests per windowMs
|
||||||
});
|
});
|
||||||
const recaptcha = new RecaptchaV3(config.recaptcha_site_key, config.recaptcha_secret_key);
|
const recaptcha = new RecaptchaV3(config.recaptcha_site_key, config.recaptcha_secret_key);
|
||||||
////////////////
|
////////////////
|
||||||
app.use(limiter);
|
|
||||||
app.use(function (_req, res, next) {
|
app.use(function (_req, res, next) {
|
||||||
res.setHeader('X-Content-Type-Options', "nosniff")
|
res.setHeader('X-Content-Type-Options', "nosniff")
|
||||||
res.setHeader('X-Frame-Options', "Deny") //clickjacking protection
|
res.setHeader('X-Frame-Options', "Deny") //clickjacking protection
|
||||||
@ -75,19 +74,21 @@ next_app.prepare().then(() => {
|
|||||||
ttl: 14 * 24 * 60 * 60
|
ttl: 14 * 24 * 60 * 60
|
||||||
}) // = 14 days. Default
|
}) // = 14 days. Default
|
||||||
}))
|
}))
|
||||||
|
api_router.use(limiter);
|
||||||
|
app.use(api_router)
|
||||||
///////////////
|
///////////////
|
||||||
|
|
||||||
|
|
||||||
app.get('/auth/google', google_oauth_redirect)
|
api_router.get('/auth/google', google_oauth_redirect)
|
||||||
app.get('/auth/github', github_oauth_redirect)
|
api_router.get('/auth/github', github_oauth_redirect)
|
||||||
app.get('/auth/github/callback', github_oauth_callback)
|
api_router.get('/auth/github/callback', github_oauth_callback)
|
||||||
app.get('/auth/google/callback', google_oauth_callback)
|
api_router.get('/auth/google/callback', google_oauth_callback)
|
||||||
|
|
||||||
|
|
||||||
app.post('/update_image_data', update_image_data)
|
api_router.post('/update_image_data', update_image_data)
|
||||||
app.post('/import_from_derpi', import_from_derpi)
|
api_router.post('/import_from_derpi', import_from_derpi)
|
||||||
|
|
||||||
app.post('/signup', [
|
api_router.post('/signup', [
|
||||||
recaptcha.middleware.verify,
|
recaptcha.middleware.verify,
|
||||||
check('email').isEmail(),
|
check('email').isEmail(),
|
||||||
check('password').isLength({
|
check('password').isLength({
|
||||||
@ -96,7 +97,7 @@ next_app.prepare().then(() => {
|
|||||||
})
|
})
|
||||||
], signup)
|
], signup)
|
||||||
|
|
||||||
app.post('/login', [
|
api_router.post('/login', [
|
||||||
recaptcha.middleware.verify,
|
recaptcha.middleware.verify,
|
||||||
check('email').isEmail(),
|
check('email').isEmail(),
|
||||||
check('password').isLength({
|
check('password').isLength({
|
||||||
@ -105,7 +106,7 @@ next_app.prepare().then(() => {
|
|||||||
}),
|
}),
|
||||||
], login)
|
], login)
|
||||||
|
|
||||||
app.post('/change_pw', [
|
api_router.post('/change_pw', [
|
||||||
recaptcha.middleware.verify,
|
recaptcha.middleware.verify,
|
||||||
check('password').isLength({
|
check('password').isLength({
|
||||||
min: PASS_MIN,
|
min: PASS_MIN,
|
||||||
@ -113,13 +114,13 @@ next_app.prepare().then(() => {
|
|||||||
}),
|
}),
|
||||||
], change_password)
|
], change_password)
|
||||||
|
|
||||||
app.post('/forgot_pw', [
|
api_router.post('/forgot_pw', [
|
||||||
recaptcha.middleware.verify,
|
recaptcha.middleware.verify,
|
||||||
check('email').isEmail(),
|
check('email').isEmail(),
|
||||||
], forgot_password)
|
], forgot_password)
|
||||||
|
|
||||||
app.get('/activate', activate_account_email)
|
api_router.get('/activate', activate_account_email)
|
||||||
app.get('/logout', (req, res) => {
|
api_router.get('/logout', (req, res) => {
|
||||||
if (req.session) {
|
if (req.session) {
|
||||||
req.session.destroy(function (err) {
|
req.session.destroy(function (err) {
|
||||||
if (err) {
|
if (err) {
|
||||||
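Review bot: In the `rateLimit({...})` options of this file's second hunk, `windowMs: 15 * 60, // 15 minutes` evaluates to 900, which is 0.9 seconds rather than 15 minutes if `rateLimit` is express-rate-limit (its `windowMs` is in milliseconds); with `max: 200` the limiter in front of `/login`, `/signup`, `/change_pw` and `/forgot_pw` would then allow roughly 200 requests per second per client. Assuming the right-hand cell of each row on this page is the new side (that is where the added `api_router` lines appear), the line should stay `windowMs: 15 * 60 * 1000, // 15 minutes`, and the comment on the following line should read `// limit each IP to 200 requests per windowMs` instead of `w00`. Separately, `app.use(api_router)` mounts the router without a path, so `api_router.use(limiter)` still counts every request that reaches the router rather than only the API routes; a dedicated, stricter limiter on the credential endpoints would state that intent more directly. The `next_app.prepare().then(...)` callback begins and ends outside the visible hunks.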
|
@ -25,7 +25,6 @@ async function import_from_derpi(req: Request, res: Response) {
|
|||||||
if (user[0].isAdmin) {
|
if (user[0].isAdmin) {
|
||||||
try {
|
try {
|
||||||
const imgs = await db_ops.image_ops.find_image_by_id(id)
|
const imgs = await db_ops.image_ops.find_image_by_id(id)
|
||||||
console.log(imgs.length)
|
|
||||||
if (imgs.length !== 0) {
|
if (imgs.length !== 0) {
|
||||||
res.json({ message: "Already in the DB" })
|
res.json({ message: "Already in the DB" })
|
||||||
return
|
return
|
||||||
|