Ease some caps and limits for privileged authed (OpenUserJS#1913)
* Mods need more access *(less cap limiting)* and of course Admin+.
* Rate limiting is in effect for Mods in case their device or network is compromised. May consider a "pardon" like with scoring when that time comes.

Applies to OpenUserJS#944

NOTE:
* This is a WIP. Ton of things to test and (re)consider. Patience is a virtue. ;) :)

Auto-merge
Martii committed Dec 30, 2021
1 parent ed77e31 commit 9fcc394
Showing 1 changed file with 40 additions and 1 deletion.
41 changes: 40 additions & 1 deletion routes.js
@@ -51,6 +51,14 @@ var installCapLimiter = rateLimit({
handler: function (aReq, aRes, aNext, aOptions) {
aRes.header('Retry-After', waitInstallCapMin * 60 + 60);
aRes.status(429).send();
},
skip: function (aReq, aRes) {
var authedUser = aReq.session.user;

if (authedUser && authedUser.isMod) {
this.store.resetKey(this.keyGenerator);
return true;
}
}
});

@@ -84,10 +92,17 @@ var installRateLimiter = rateLimit({
keyGenerator: function (aReq, aRes, aNext) {
return aReq.ip + aReq._parsedUrl.pathname;
},
skip: function (aReq, aRes, aNext) {
skip: function (aReq, aRes) {
var authedUser = aReq.session.user;

if (aReq.params.type === 'libs') {
return true;
}

if (authedUser && authedUser.isAdmin) {
this.store.resetKey(this.keyGenerator);
return true;
}
}
});

@@ -104,6 +119,14 @@ var apiCapLimiter = rateLimit({
handler: function (aReq, aRes, aNext, aOptions) {
aRes.header('Retry-After', waitApiCapMin * 60 + 60);
aRes.status(429).send();
},
skip: function (aReq, aRes) {
var authedUser = aReq.session.user;

if (authedUser && authedUser.isMod) {
this.store.resetKey(this.keyGenerator);
return true;
}
}
});

@@ -146,6 +169,14 @@ var captchaCapLimiter = rateLimit({
width: 350
}))
);
},
skip: function (aReq, aRes) {
var authedUser = aReq.session.user;

if (authedUser && authedUser.isMod) {
this.store.resetKey(this.keyGenerator);
return true;
}
}
});

@@ -204,6 +235,14 @@ var listCapLimiter = rateLimit({
aRes.connection.destroy();
});
}
},
skip: function (aReq, aRes) {
var authedUser = aReq.session.user;

if (authedUser && authedUser.isMod) {
this.store.resetKey(this.keyGenerator);
return true;
}
}
});

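Review bot: In each added `skip` callback (installCapLimiter, installRateLimiter, apiCapLimiter, captchaCapLimiter, listCapLimiter), `this.store.resetKey(this.keyGenerator)` passes the generator function itself rather than the key for the current request, so the store is most likely asked to reset an entry that never exists and the counter is left untouched. If a reset is intended it would need the computed key, e.g. `this.store.resetKey(this.keyGenerator(aReq, aRes));`, but where the key is derived from `aReq.ip` (as in installRateLimiter) that would also clear hits accumulated by unauthenticated clients behind the same address, so returning `true` without the reset may be the safer choice. `aReq.session.user` is read without checking `aReq.session`; if a limiter can run on a request that has no session, the callback throws instead of falling through to normal limiting, so `var authedUser = aReq.session && aReq.session.user;` is worth considering. The enclosing `rateLimit({...})` calls start outside the hunks, so how `this` is bound inside `skip` and where `isMod`/`isAdmin` are set on the session user cannot be confirmed from this page.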
