removed rate limiter, added cors support in case of protocol switching

2020-08-14 09:14:44 -07:00 · 2020-08-14 09:14:44 -07:00 · 6574a4efb6
commit 6574a4efb6
parent 137d449af3
3 changed files with 18 additions and 4 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -2313,6 +2313,15 @@
      "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
      "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac="
    },
+    "cors": {
+      "version": "2.8.5",
+      "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz",
+      "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==",
+      "requires": {
+        "object-assign": "^4",
+        "vary": "^1"
+      }
+    },
    "create-ecdh": {
      "version": "4.0.3",
      "resolved": "https://registry.npmjs.org/create-ecdh/-/create-ecdh-4.0.3.tgz",
@ -3844,9 +3853,9 @@
      }
    },
    "lodash": {
-      "version": "4.17.15",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-      "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
+      "version": "4.17.20",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz",
+      "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==",
      "dev": true
    },
    "loose-envify": {
--- a/package.json
+++ b/package.json
@ -19,6 +19,7 @@
    "cl-editor": "^2.0.0",
    "compression": "^1.7.1",
    "cookie-parser": "^1.4.5",
+    "cors": "^2.8.5",
    "dotenv": "^8.2.0",
    "express": "^4.17.1",
    "express-fileupload": "^1.1.6",
--- a/src/server.js
+++ b/src/server.js
@ -10,6 +10,7 @@ import sessionFileStore from 'session-file-store';
 import { RateLimiterMemory } from 'rate-limiter-flexible';
 import fileUpload from 'express-fileupload';
 import fs from 'fs';
+import cors from 'cors';
 import helmet from 'helmet';
 import crypto from 'crypto';
 import Article from './models/article.js';
@ -108,6 +109,7 @@ const isAuthor = function(req, res, next) {

 express()
    .use(helmet())
+    .use(cors())
    .use(bodyParser.json())
    .use(bodyParser.urlencoded({ extended: true }))
    .use(fileUpload({
@ -178,6 +180,7 @@ express()
                }));
                return false;
            }
+            /*
            try {
                await registerRateLimiter.consume();
            } catch (err) {
@ -189,6 +192,7 @@ express()
                }));
                return false;
            }
+            */
            try {
                const user = await User.findOne({ username: req.body.username });
                if (user) {
@ -222,7 +226,7 @@ express()
    )

    .post('/cms/login',
-        rateLimiterMiddleware(loginAttemptRateLimiter),
+        // rateLimiterMiddleware(loginAttemptRateLimiter),
        passport.authenticate('local', { failWithError: true }),
        function(req, res, next) {
            // handle success