ben.carrasco/jambonz-api-server
1
0
Fork 0
mirror of https://github.com/jambonz/jambonz-api-server.git synced 2025-12-19 05:47:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

add rate limit by real ip or apikey (#455)

Browse Source
This commit is contained in:
Sam Machin
2025-05-23 17:36:35 +01:00
committed by GitHub
parent f23c4fbd48
commit 3f2a304830
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
app.js
View File

@@ -128,11 +128,27 @@ const unless = (paths, middleware) => {
};
};
const RATE_LIMIT_BY = process.env.RATE_LIMIT_BY || 'system';
const limiter = rateLimit({
windowMs: (process.env.RATE_LIMIT_WINDOWS_MINS || 5) * 60 * 1000, // 5 minutes
max: process.env.RATE_LIMIT_MAX_PER_WINDOW || 600, // Limit each IP to 600 requests per `window`
standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
legacyHeaders: false, // Disable the `X-RateLimit-*` headers
keyGenerator: (req, res) => {
switch (RATE_LIMIT_BY) {
case 'system':
return '127.0.0.1';
case 'apikey':
// uses shared limit for requests without an authorization header
const token = req.headers.authorization?.split(' ')[1] || '127.0.0.1';
return token;
case 'ip':
return req.headers['x-real-ip'];
default:
return '127.0.0.1';
}
}
});
// Setup websocket for recording audio