strapi/packages/core/admin/server/middlewares/rateLimit.js

'use strict';

const utils = require('@strapi/utils');
const { has, toLower } = require('lodash/fp');

const { RateLimitError } = utils.errors;

module.exports =
  (config, { strapi }) =>
  async (ctx, next) => {
    let ratelimitConfig = strapi.config.get('admin.ratelimit');

    if (!ratelimitConfig) {
      ratelimitConfig = {
        enabled: true,
      };
    }

    if (!has('enabled', ratelimitConfig)) {
      ratelimitConfig.enabled = true;
    }

    if (ratelimitConfig.enabled === true) {
      const ratelimit = require('koa2-ratelimit').RateLimit;

      const userEmail = toLower(ctx.request.body.email) || 'unknownEmail';

      const loadConfig = {
        interval: { min: 5 },
        max: 5,
        prefixKey: `${userEmail}:${ctx.request.path}:${ctx.request.ip}`,
        handler() {
          throw new RateLimitError();
        },
        ...ratelimitConfig,
        ...config,
      };

      console.log(loadConfig);

      return ratelimit.middleware(loadConfig)(ctx, next);
    }

    return next();
  };
Create new admin rate limit middleware and rate limit error class Signed-off-by: Derrick Mehaffy <derrickmehaffy@gmail.com> 2022-10-05 08:21:34 -07:00			`'use strict';`

			`const utils = require('@strapi/utils');`
Update packages/core/admin/server/middlewares/rateLimit.js Co-authored-by: Ben Irvin <ben@innerdvations.com> 2022-12-20 08:03:33 -07:00			`const { has, toLower } = require('lodash/fp');`
Create new admin rate limit middleware and rate limit error class Signed-off-by: Derrick Mehaffy <derrickmehaffy@gmail.com> 2022-10-05 08:21:34 -07:00
			`const { RateLimitError } = utils.errors;`

			`module.exports =`
			`(config, { strapi }) =>`
			`async (ctx, next) => {`
implement config option to disable ratelimit 2022-12-16 10:42:28 -07:00			`let ratelimitConfig = strapi.config.get('admin.ratelimit');`

refactor config loading 2022-12-27 08:20:38 -07:00			`if (!ratelimitConfig) {`
implement config option to disable ratelimit 2022-12-16 10:42:28 -07:00			`ratelimitConfig = {`
			`enabled: true,`
			`};`
			`}`

refactor config loading 2022-12-27 08:20:38 -07:00			`if (!has('enabled', ratelimitConfig)) {`
			`ratelimitConfig.enabled = true;`
			`}`

implement config option to disable ratelimit 2022-12-16 10:42:28 -07:00			`if (ratelimitConfig.enabled === true) {`
			`const ratelimit = require('koa2-ratelimit').RateLimit;`

			`const userEmail = toLower(ctx.request.body.email) \|\| 'unknownEmail';`

refactor config loading 2022-12-27 08:20:38 -07:00			`const loadConfig = {`
implement config option to disable ratelimit 2022-12-16 10:42:28 -07:00			`interval: { min: 5 },`
			`max: 5,`
			prefixKey: `${userEmail}:${ctx.request.path}:${ctx.request.ip}`,
			`handler() {`
			`throw new RateLimitError();`
			`},`
			`...ratelimitConfig,`
			`...config,`
refactor config loading 2022-12-27 08:20:38 -07:00			`};`

			`console.log(loadConfig);`

			`return ratelimit.middleware(loadConfig)(ctx, next);`
implement config option to disable ratelimit 2022-12-16 10:42:28 -07:00			`}`

			`return next();`
Create new admin rate limit middleware and rate limit error class Signed-off-by: Derrick Mehaffy <derrickmehaffy@gmail.com> 2022-10-05 08:21:34 -07:00			`};`