Mirrors/audiobookshelf
Mirrors/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-10-27 11:18:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update rate limiter to use requestIp as key, pass in configurable error message

Browse Source
This commit is contained in:
advplyr 2025-07-12 10:32:35 -05:00
parent f0d5f46199
commit f081a7fdc1
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
server/utils/rateLimiterFactory.js
View File

@ -1,5 +1,6 @@
const { rateLimit, RateLimitRequestHandler } = require('express-rate-limit')
const Logger = require('../Logger')
const requestIp = require('../libs/requestIp')
/**
* Factory for creating authentication rate limiters
@ -28,7 +29,7 @@ class RateLimiterFactory {
max = parseInt(process.env.RATE_LIMIT_AUTH_MAX)
}
let message = 'Too many requests, please try again later.'
let message = 'Too many authentication requests'
if (process.env.RATE_LIMIT_AUTH_MESSAGE) {
message = process.env.RATE_LIMIT_AUTH_MESSAGE
}
@ -36,18 +37,22 @@ class RateLimiterFactory {
this.authRateLimiter = rateLimit({
windowMs,
max,
message,
standardHeaders: true,
legacyHeaders: false,
keyGenerator: (req) => {
// Override keyGenerator to handle proxy IPs
return requestIp.getClientIp(req) || req.ip
},
handler: (req, res) => {
const userAgent = req.get('User-Agent') || 'Unknown'
const endpoint = req.path
const method = req.method
const ip = requestIp.getClientIp(req) || req.ip
Logger.warn(`[RateLimiter] Rate limit exceeded - IP: ${req.ip}, Endpoint: ${method} ${endpoint}, User-Agent: ${userAgent}`)
Logger.warn(`[RateLimiter] Rate limit exceeded - IP: ${ip}, Endpoint: ${method} ${endpoint}, User-Agent: ${userAgent}`)
res.status(429).json({
error: 'Too many authentication attempts, please try again later.'
error: message
})
}
})