diff options
author | Matt Strapp <matt@mattstrapp.net> | 2022-02-11 00:11:52 -0600 |
---|---|---|
committer | Matt Strapp <matt@mattstrapp.net> | 2022-02-11 00:11:52 -0600 |
commit | 0fbc317e926b5d80363979ee51a4e3c930014efd (patch) | |
tree | bfd8ce0fc829d80a46a2182b759057c25e4894fa /src/routes | |
parent | Get rid of express-session and use a cookie instead (diff) | |
download | ee4511w-web-0fbc317e926b5d80363979ee51a4e3c930014efd.tar ee4511w-web-0fbc317e926b5d80363979ee51a4e3c930014efd.tar.gz ee4511w-web-0fbc317e926b5d80363979ee51a4e3c930014efd.tar.bz2 ee4511w-web-0fbc317e926b5d80363979ee51a4e3c930014efd.tar.lz ee4511w-web-0fbc317e926b5d80363979ee51a4e3c930014efd.tar.xz ee4511w-web-0fbc317e926b5d80363979ee51a4e3c930014efd.tar.zst ee4511w-web-0fbc317e926b5d80363979ee51a4e3c930014efd.zip |
Do a bunch of random things (still no feature parity)
sadge
Signed-off-by: Matt Strapp <matt@mattstrapp.net>
Diffstat (limited to '')
-rw-r--r-- | src/routes/api.ts | 40 | ||||
-rw-r--r-- | src/routes/api/actuate.ts | 0 | ||||
-rw-r--r-- | src/routes/api/login.ts | 0 |
3 files changed, 40 insertions, 0 deletions
diff --git a/src/routes/api.ts b/src/routes/api.ts new file mode 100644 index 0000000..4612c16 --- /dev/null +++ b/src/routes/api.ts @@ -0,0 +1,40 @@ +import express, { Request, Response } from 'express'; +import csurf from 'csurf'; +import cookieParser from 'cookie-parser'; +import fileUpload, { UploadedFile } from 'express-fileupload'; +import slowDown from 'express-slow-down'; + + +// Slow down everything to prevent DoS attacks +const speedLimiter = slowDown({ + windowMs: 5 * 60 * 1000, // 15 minutes + delayAfter: 50, // allow 100 requests per 5 minutes, then... + delayMs: 500 // begin adding 500ms of delay per request above 100: + // request # 101 is delayed by 500ms + // request # 102 is delayed by 1000ms + // request # 103 is delayed by 1500ms + // etc. +}); + + +const api = express.Router(); + +api.use(fileUpload()); +api.use(speedLimiter); + +// CSRF protection +api.use(cookieParser()); +const csrf = csurf({ cookie: true }); + +api.post('/upload', csrf, (req: Request, res: Response) => { + if (!req.files || Object.keys(req.files).length === 0) + return res.status(400).json({ err: 'ENOENT' }); + // Kludge to prevent a compiler error + const file: UploadedFile = req.files.file as UploadedFile; + console.log(file.mimetype); + if (file.mimetype !== 'text/x-python') + return res.status(400).json({ err: 'EINVAL' }); + res.status(200).json({ err: null }); +}); + +export default api;
\ No newline at end of file diff --git a/src/routes/api/actuate.ts b/src/routes/api/actuate.ts deleted file mode 100644 index e69de29..0000000 --- a/src/routes/api/actuate.ts +++ /dev/null diff --git a/src/routes/api/login.ts b/src/routes/api/login.ts deleted file mode 100644 index e69de29..0000000 --- a/src/routes/api/login.ts +++ /dev/null |