strapi/packages/core/admin/server/middlewares/rateLimit.js

'use strict';

const utils = require('@strapi/utils');
const { toLower } = require('lodash/fp');

const { RateLimitError } = utils.errors;

module.exports =
  (config, { strapi }) =>
  async (ctx, next) => {
    let ratelimitConfig = strapi.config.get('admin.ratelimit');

    if (!ratelimitConfig || !has('enabled', ratelimitConfig)) {
      ratelimitConfig = {
        enabled: true,
      };
    }

    if (ratelimitConfig.enabled === true) {
      const ratelimit = require('koa2-ratelimit').RateLimit;

      const userEmail = toLower(ctx.request.body.email) || 'unknownEmail';

      return ratelimit.middleware({
        interval: { min: 5 },
        max: 5,
        prefixKey: `${userEmail}:${ctx.request.path}:${ctx.request.ip}`,
        handler() {
          throw new RateLimitError();
        },
        ...ratelimitConfig,
        ...config,
      })(ctx, next);
    }

    return next();
  };
Create new admin rate limit middleware and rate limit error class Signed-off-by: Derrick Mehaffy <derrickmehaffy@gmail.com> 2022-10-05 08:21:34 -07:00			`'use strict';`

			`const utils = require('@strapi/utils');`
rate limit only on login 2022-11-02 18:49:05 +01:00			`const { toLower } = require('lodash/fp');`
Create new admin rate limit middleware and rate limit error class Signed-off-by: Derrick Mehaffy <derrickmehaffy@gmail.com> 2022-10-05 08:21:34 -07:00
			`const { RateLimitError } = utils.errors;`

			`module.exports =`
			`(config, { strapi }) =>`
			`async (ctx, next) => {`
implement config option to disable ratelimit 2022-12-16 10:42:28 -07:00			`let ratelimitConfig = strapi.config.get('admin.ratelimit');`

Update packages/core/admin/server/middlewares/rateLimit.js Co-authored-by: Pierre Noël <petersg83@users.noreply.github.com> 2022-12-19 11:40:37 -07:00			`if (!ratelimitConfig \|\| !has('enabled', ratelimitConfig)) {`
implement config option to disable ratelimit 2022-12-16 10:42:28 -07:00			`ratelimitConfig = {`
			`enabled: true,`
			`};`
			`}`

			`if (ratelimitConfig.enabled === true) {`
			`const ratelimit = require('koa2-ratelimit').RateLimit;`

			`const userEmail = toLower(ctx.request.body.email) \|\| 'unknownEmail';`

			`return ratelimit.middleware({`
			`interval: { min: 5 },`
			`max: 5,`
			prefixKey: `${userEmail}:${ctx.request.path}:${ctx.request.ip}`,
			`handler() {`
			`throw new RateLimitError();`
			`},`
			`...ratelimitConfig,`
			`...config,`
			`})(ctx, next);`
			`}`

			`return next();`
Create new admin rate limit middleware and rate limit error class Signed-off-by: Derrick Mehaffy <derrickmehaffy@gmail.com> 2022-10-05 08:21:34 -07:00			`};`