From 6574a4efb66a13d215cc0590dee432f25197fc17 Mon Sep 17 00:00:00 2001
From: scoliono <2191476+scoliono@users.noreply.github.com>
Date: Fri, 14 Aug 2020 09:14:44 -0700
Subject: [PATCH] removed rate limiter, added cors support in case of protocol switching
---
 package-lock.json | 15 ++++++++++++---
 package.json | 1 +
 src/server.js | 6 +++++-
 3 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index e844354..3e5a223 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2313,6 +2313,15 @@ "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz", "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=" }, + "cors": { + "version": "2.8.5", + "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz", + "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==", + "requires": { + "object-assign": "^4", + "vary": "^1" + } + }, "create-ecdh": { "version": "4.0.3", "resolved": "https://registry.npmjs.org/create-ecdh/-/create-ecdh-4.0.3.tgz",
@@ -3844,9 +3853,9 @@ } }, "lodash": { - "version": "4.17.15", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz", - "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==", + "version": "4.17.20", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz", + "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==", "dev": true }, "loose-envify": {
diff --git a/package.json b/package.json
index b06bf42..a64e3af 100644
--- a/package.json
+++ b/package.json
@@ -19,6 +19,7 @@
 "cl-editor": "^2.0.0",
 "compression": "^1.7.1",
 "cookie-parser": "^1.4.5",
+ "cors": "^2.8.5",
 "dotenv": "^8.2.0",
 "express": "^4.17.1",
 "express-fileupload": "^1.1.6",
diff --git a/src/server.js b/src/server.js
index 334e7b6..804e4e2 100644
--- a/src/server.js
+++ b/src/server.js
@@ -10,6 +10,7 @@ import sessionFileStore from 'session-file-store';
 import { RateLimiterMemory } from 'rate-limiter-flexible';
 import fileUpload from 'express-fileupload';
 import fs from 'fs';
+import cors from 'cors';
 import helmet from 'helmet';
 import crypto from 'crypto';
 import Article from './models/article.js';
@@ -108,6 +109,7 @@ const isAuthor = function(req, res, next) {
 express()
 .use(helmet())
+ .use(cors())
 .use(bodyParser.json())
 .use(bodyParser.urlencoded({ extended: true }))
 .use(fileUpload({
@@ -178,6 +180,7 @@ express()
 }));
 return false;
 }
+ /*
 try {
 await registerRateLimiter.consume();
 } catch (err) {
@@ -189,6 +192,7 @@ express()
 }));
 return false;
 }
+ */
 try {
 const user = await User.findOne({ username: req.body.username });
 if (user) {
@@ -222,7 +226,7 @@ express()
 )
 .post('/cms/login',
- rateLimiterMiddleware(loginAttemptRateLimiter),
+ // rateLimiterMiddleware(loginAttemptRateLimiter),
 passport.authenticate('local', { failWithError: true }),
 function(req, res, next) {
 // handle success
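Review bot: `.use(cors())` in the hunk at -108 is called with no options, which in the cors package means every origin is allowed on every route, including the `/cms` endpoints further down the chain. If the aim is only to let the site's own http and https origins reach each other, pass an explicit allowlist, e.g. `.use(cors({ origin: allowedOrigins }))` where `allowedOrigins` is a placeholder for the site's own origins, or mount the middleware only on the routes that need it. The `express()` chain continues outside this hunk, so the full set of affected routes is not visible here.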
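Review bot: The registration throttle is switched off by wrapping it in `/*` … `*/` (the hunks at -178 and -189), which leaves account creation unthrottled and leaves dead code and the `RateLimiterMemory` import behind. The visible call is `await registerRateLimiter.consume();` with no key, so the limiter presumably counted all clients together, which may be why it got in the way; keying it per client, e.g. `await registerRateLimiter.consume(req.ip);`, would keep the protection without one client blocking the rest. If the limiter really is to go, delete the block instead of commenting it out. The handler starts and ends outside both hunks.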
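Review bot: Commenting out `rateLimiterMiddleware(loginAttemptRateLimiter),` in the hunk at -222 leaves `/cms/login` with no limit on password attempts ahead of `passport.authenticate('local', …)`, in the same commit that opens the server to cross-origin requests. If the limiter was locking out legitimate users, adjust its limits or its key and keep the line as `rateLimiterMiddleware(loginAttemptRateLimiter),` rather than dropping the control. Neither `rateLimiterMiddleware` nor `loginAttemptRateLimiter` is defined in the visible hunks, so how requests are keyed cannot be checked here, and the route handler continues past the end of the hunk.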