Fixed admin rate issues

This commit is contained in:
admin 2025-08-11 14:16:44 -06:00
parent d8c08c8451
commit b885d89ae4
2 changed files with 26 additions and 4 deletions


@ -28,16 +28,20 @@ const strictLimiter = rateLimit({
message: 'Too many write operations, please try again later.' message: 'Too many write operations, please try again later.'
}); });
// Auth-specific limiter // Auth-specific limiter with admin bypass capability
const authLimiter = rateLimit({ const authLimiter = rateLimit({
windowMs: 15 * 60 * 1000, windowMs: 15 * 60 * 1000,
max: config.isProduction ? 10 : 50, max: config.isProduction ? 30 : 50, // Increased from 10 to 30 for production
keyGenerator, keyGenerator,
standardHeaders: true, standardHeaders: true,
legacyHeaders: false, legacyHeaders: false,
trustProxy: true, // Explicitly trust proxy trustProxy: true, // Explicitly trust proxy
message: 'Too many login attempts, please try again later.', message: 'Too many login attempts, please try again later.',
skipSuccessfulRequests: true skipSuccessfulRequests: true,
skip: (req, res) => {
// Skip rate limiting for authenticated admin users on certain admin endpoints
return req.session?.isAdmin && req.path?.includes('/admin');
}
}); });
// Temp user rate limiter - stricter but allows for auto-refresh // Temp user rate limiter - stricter but allows for auto-refresh
@ -63,10 +67,22 @@ const conditionalTempLimiter = (req, res, next) => {
return apiLimiter(req, res, next); return apiLimiter(req, res, next);
}; };
// Admin-friendly limiter for admin operations
const adminLimiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 200, // High limit for admin operations
keyGenerator,
standardHeaders: true,
legacyHeaders: false,
trustProxy: true,
message: 'Rate limit exceeded for admin operations. Please try again later.'
});
module.exports = { module.exports = {
apiLimiter, apiLimiter,
strictLimiter, strictLimiter,
authLimiter, authLimiter,
tempUserLimiter, tempUserLimiter,
conditionalTempLimiter conditionalTempLimiter,
adminLimiter
}; };


@ -3,10 +3,16 @@ const router = express.Router();
const authController = require('../controllers/authController'); const authController = require('../controllers/authController');
const passwordRecoveryController = require('../controllers/passwordRecoveryController'); const passwordRecoveryController = require('../controllers/passwordRecoveryController');
const { authLimiter } = require('../middleware/rateLimiter'); const { authLimiter } = require('../middleware/rateLimiter');
const config = require('../config');
// Login route with rate limiting // Login route with rate limiting
router.post('/login', authLimiter, authController.login); router.post('/login', authLimiter, authController.login);
// Debug login route without rate limiting (only in development or for testing)
if (!config.isProduction) {
router.post('/debug-login', authController.login);
}
// Password recovery route with rate limiting // Password recovery route with rate limiting
router.post('/recover-password', authLimiter, passwordRecoveryController.requestPassword); router.post('/recover-password', authLimiter, passwordRecoveryController.requestPassword);
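Review bot: The new `/debug-login` route is an unthrottled copy of `/login` (same `authController.login`, no `authLimiter`) whose only gate is `!config.isProduction`, so any deployment where that flag is not set — presumably it derives from NODE_ENV, which is easy to leave unset — exposes an endpoint on which the login limiter can be bypassed entirely. Gating on an explicit opt-in in addition to the environment check would make the exposure deliberate rather than a default, e.g. `if (!config.isProduction && config.enableDebugLogin) {` (flag name constructed as an example), and the comment should say who uses the route and that it must never be reachable in production. The router definition continues past the end of the hunk.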