Merge pull request #2955 from omnivore-app/fix/rate-limit

log x-forwarded-for header for debugging purpose
2023-10-18 13:10:59 +08:00
parent f8d5e3f261 46313b14ba
commit 30ba88e9b2
2 changed files with 6 additions and 0 deletions
--- a/packages/api/src/server.ts
+++ b/packages/api/src/server.ts
@ -58,6 +58,9 @@ export const createApp = (): {
  app.use(json({ limit: '100mb' }))
  app.use(urlencoded({ limit: '100mb', extended: true }))

+  // set to true if behind a reverse proxy/load balancer
+  app.set('trust proxy', env.server.trustProxy)
+
  const apiLimiter = rateLimit({
    windowMs: 60 * 1000, // 1 minute
    max: async (req) => {
--- a/packages/api/src/util.ts
+++ b/packages/api/src/util.ts
@ -21,6 +21,7 @@ interface BackendEnv {
    gateway_url: string
    apiEnv: string
    instanceId: string
+    trustProxy: boolean
  }
  client: {
    url: string
@ -159,6 +160,7 @@ const nullableEnvVars = [
  'RSS_FEED_TASK_HANDLER_URL',
  'SENDGRID_VERIFICATION_TEMPLATE_ID',
  'REMINDER_TASK_HANDLER_URL',
+  'TRUST_PROXY',
 ] // Allow some vars to be null/empty

 /* If not in GAE and Prod/QA/Demo env (f.e. on localhost/dev env), allow following env vars to be null */
@ -207,6 +209,7 @@ export function getEnv(): BackendEnv {
    apiEnv: parse('API_ENV'),
    instanceId:
      parse('GAE_INSTANCE') || `x${os.userInfo().username}_${os.hostname()}`,
+    trustProxy: parse('TRUST_PROXY') === 'true',
  }
  const client = {
    url: parse('CLIENT_URL'),