Add rate limiting to cookie test endpoint

2 months ago · c3d93a366f
parent d1a5e762ed
commit c3d93a366f
3 changed files with 27 additions and 1 deletions
--- a/backend/app.js
+++ b/backend/app.js
@ -8,6 +8,7 @@ const path = require('path');
 const compression = require('compression');
 const multer  = require('multer');
 const express = require("express");
+const rateLimit = require('express-rate-limit');
 const bodyParser = require("body-parser");
 const archiver = require('archiver');
 const unzipper = require('unzipper');
@ -693,6 +694,17 @@ app.use(function(req, res, next) {

 app.use(compression());

+const testCookiesRateLimiter = rateLimit({
+    windowMs: 60 * 1000,
+    max: 10,
+    standardHeaders: true,
+    legacyHeaders: false,
+    message: {
+        success: false,
+        error: 'Too many cookie test requests. Please wait a minute and try again.'
+    }
+});
+
 const optionalJwt = async function (req, res, next) {
    const multiUserMode = config_api.getConfigItem('ytdl_multi_user_mode');
    if (multiUserMode && ((req.body && req.body.uuid) || (req.query && req.query.uuid)) && (req.path.includes('/api/getFile') ||
@ -1631,7 +1643,7 @@ function normalizeCookieTestError(err) {
    return message.length > max_error_length ? message.substring(0, max_error_length) + '...' : message;
 }

-app.post('/api/testCookies', optionalJwt, async (req, res) => {
+app.post('/api/testCookies', testCookiesRateLimiter, optionalJwt, async (req, res) => {
    const logs = [];
    const use_cookies_enabled = config_api.getConfigItem('ytdl_use_cookies');
    const downloader = config_api.getConfigItem('ytdl_default_downloader');
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@ -21,6 +21,7 @@
        "config": "^3.2.3",
        "execa": "^5.1.1",
        "express": "^4.18.2",
+        "express-rate-limit": "^6.11.2",
        "express-session": "^1.17.3",
        "feed": "^4.2.2",
        "fluent-ffmpeg": "^2.1.2",
@ -1643,6 +1644,18 @@
        "node": ">= 0.10.0"
      }
    },
+    "node_modules/express-rate-limit": {
+      "version": "6.11.2",
+      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.11.2.tgz",
+      "integrity": "sha512-a7uwwfNTh1U60ssiIkuLFWHt4hAC5yxlLGU2VP0X4YNlyEDZAqF4tK3GD3NSitVBrCQmQ0++0uOyFOgC2y4DDw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 14"
+      },
+      "peerDependencies": {
+        "express": "^4 || ^5"
+      }
+    },
    "node_modules/express-session": {
      "version": "1.17.3",
      "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.17.3.tgz",
--- a/backend/package.json
+++ b/backend/package.json
@ -35,6 +35,7 @@
    "config": "^3.2.3",
    "execa": "^5.1.1",
    "express": "^4.18.2",
+    "express-rate-limit": "^6.11.2",
    "express-session": "^1.17.3",
    "feed": "^4.2.2",
    "fluent-ffmpeg": "^2.1.2",