diff options
author | Matt Strapp <matt@mattstrapp.net> | 2022-02-14 20:30:14 -0600 |
---|---|---|
committer | Matt Strapp <matt@mattstrapp.net> | 2022-02-14 20:31:25 -0600 |
commit | 04ee5840c849673b2f798f1435427e6f2596b2db (patch) | |
tree | 686af0e11ced8c5d9426a1537b0e8decee397d69 | |
parent | Make responses more clear (diff) | |
download | ee4511w-web-04ee5840c849673b2f798f1435427e6f2596b2db.tar ee4511w-web-04ee5840c849673b2f798f1435427e6f2596b2db.tar.gz ee4511w-web-04ee5840c849673b2f798f1435427e6f2596b2db.tar.bz2 ee4511w-web-04ee5840c849673b2f798f1435427e6f2596b2db.tar.lz ee4511w-web-04ee5840c849673b2f798f1435427e6f2596b2db.tar.xz ee4511w-web-04ee5840c849673b2f798f1435427e6f2596b2db.tar.zst ee4511w-web-04ee5840c849673b2f798f1435427e6f2596b2db.zip |
Remove redundant rate limiter
Signed-off-by: Matt Strapp <matt@mattstrapp.net>
-rw-r--r-- | src/routes/api.ts | 11 |
1 files changed, 1 insertions, 10 deletions
diff --git a/src/routes/api.ts b/src/routes/api.ts index 015bd45..4d55626 100644 --- a/src/routes/api.ts +++ b/src/routes/api.ts @@ -3,7 +3,6 @@ import express, { Request, Response } from 'express'; import csurf from 'csurf'; import cookieParser from 'cookie-parser'; import fileUpload, { UploadedFile } from 'express-fileupload'; -import rateLimit from 'express-rate-limit'; // For executing the python scripts import { access, stat } from 'fs/promises'; import { Stats } from 'fs'; @@ -22,15 +21,6 @@ api.use(fileUpload({ debug: false, // Log debug information })); -// Slow down frequent requests to prevent DoS attacks -const rateLimiter = rateLimit({ - windowMs: 1 * 60 * 1000, // 1 minute - max: 10, // Limit each IP to 10 requests per `window` (here, per 1 minutes) - standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers - legacyHeaders: false, // Disable the `X-RateLimit-*` headers -}); -api.use(rateLimiter); - // CSRF protection api.use(cookieParser()); const csrf = csurf({ cookie: true }); @@ -111,6 +101,7 @@ api.route('/upload') */ api.route('/actuate') + // file deepcode ignore NoRateLimitingForExpensiveWebOperation: This is already rate limited by the website, so we don't need to do it again .post(csrf, async (req: Request, res: Response) => { // Make sure the file being requested to run exists try { |