ratelimit edits references #121

4 years ago · d0bcebd4e3
parent efe7451982
commit d0bcebd4e3
2 changed files with 14 additions and 2 deletions
--- a/configs/main.js.example
+++ b/configs/main.js.example
@ -70,6 +70,7 @@ module.exports = {
 	rateLimitCost: { //Cost out of 100 per minute e.g. cost of 25 means 4 per minute. Cost is separate for each.
 		captcha: 10,
 		boardSettings: 30,
+		editPost: 30,
 	},

 	//cache templates in memory. disable only if editing templates and doing dev work
--- a/controllers/forms/editpost.js
+++ b/controllers/forms/editpost.js
@ -2,8 +2,8 @@

 const editPost = require(__dirname+'/../../models/forms/editpost.js')
 	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
-	, { globalLimits } = require(__dirname+'/../../configs/main.js')
-	, { Posts, Boards } = require(__dirname+'/../../db/');
+	, { rateLimitCost, globalLimits } = require(__dirname+'/../../configs/main.js')
+	, { Ratelimits, Posts, Boards } = require(__dirname+'/../../db/');

 module.exports = async (req, res, next) => {

@ -47,6 +47,17 @@ module.exports = async (req, res, next) => {
 		});
 	}

+	if (res.locals.permLevel > 1) { //if not global staff or above
+		const ratelimitUser = await Ratelimits.incrmentQuota(req.session.user.username, 'edit', rateLimitCost.editPost);
+		const ratelimitIp = await Ratelimits.incrmentQuota(res.locals.ip.single, 'edit', rateLimitCost.editPost);
+		if (ratelimitUser > 100 || ratelimitIp > 100) {
+			return dynamicResponse(req, res, 429, 'message', {
+				'title': 'Ratelimited',
+				'error': 'You are editing posts too quickly, please wait a minute and try again',
+			});
+		}
+	}
+
 	try {
 		await editPost(req, res, next);
 	} catch (err) {