
Commit 79e69f2

committed
Add rate limiter to UiKit endpoints
1 parent e82dc74 commit 79e69f2


3 files changed

+246
-355
lines changed


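--- a/app/apps/server/communication/uikit.js
+++ b/app/apps/server/communication/uikit.js
@@ -1,8 +1,11 @@
 import express from 'express';
+import rateLimit from 'express-rate-limit';
+import { Meteor } from 'meteor/meteor';
 import { WebApp } from 'meteor/webapp';
 import { UIKitIncomingInteractionType } from '@rocket.chat/apps-engine/definition/uikit';
 
 import { Users } from '../../../models/server';
+import { settings } from '../../../settings/server';
 
 const apiServer = express();
 
@@ -13,11 +16,21 @@ WebApp.connectHandlers.use(apiServer);
 // eslint-disable-next-line new-cap
 const router = express.Router();
 
-const unauthorized = (res) =>
-res.status(401).send({
-status: 'error',
-message: 'You must be logged in to do this.',
+const unauthorized = (res) => res.status(401).send({
+status: 'error',
+message: 'You must be logged in to do this.',
+});
+
+Meteor.startup(() => {
+const apiLimiter = rateLimit({
+windowMs: settings.get('API_Enable_Rate_Limiter_Limit_Time_Default'),
+max: settings.get('API_Enable_Rate_Limiter_Limit_Calls_Default'),
+skip: () =>
+settings.get('API_Enable_Rate_Limiter') !== true
+|| (process.env.NODE_ENV === 'development' && settings.get('API_Enable_Rate_Limiter_Dev') !== true),
 });
+router.use(apiLimiter);
+});
 
 router.use((req, res, next) => {
 const {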
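Review bot: `router.use(apiLimiter)` is called inside the `Meteor.startup` callback, which runs after this module has finished loading, so the limiter is appended to the router after the `router.use((req, res, next) => …)` middleware that follows it and, presumably, after any routes registered further down this file (not visible in the hunk). Express dispatches in registration order, so a route handler that ends the response before reaching the limiter would never be rate limited; please confirm against the routes below. `windowMs` and `max` are also read only once at startup, so later changes to those two settings are not picked up, whereas `skip` reads the enable flags live on every request. One way to keep the limiter first while still building it once settings are available is to register a thin delegating middleware at module load and assign the limiter in `Meteor.startup`. The auth middleware at the end of the hunk continues outside it.
```javascript
let apiLimiter;

// Registered at module load so it runs before the auth middleware and the
// routes below; the limiter itself is built once settings are available.
router.use((req, res, next) => (apiLimiter ? apiLimiter(req, res, next) : next()));

Meteor.startup(() => {
	apiLimiter = rateLimit({
		// … unchanged: windowMs / max / skip options …
	});
});
```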
