chore: update api middlewares

2024-12-28 16:14:03 +08:00 · 2023-09-17 18:11:13 +08:00 · 2023-09-17 18:11:13 +08:00 · d5c1706e9c
commit d5c1706e9c
parent 3a1f82effa
1 changed files with 16 additions and 9 deletions
--- a/server/server.go
+++ b/server/server.go
@ -67,17 +67,24 @@ func NewServer(ctx context.Context, profile *profile.Profile, store *store.Store

 	e.Use(middleware.CORS())

-	e.Use(middleware.SecureWithConfig(middleware.SecureConfig{
-		Skipper:            defaultGetRequestSkipper,
-		XSSProtection:      "1; mode=block",
-		ContentTypeNosniff: "nosniff",
-		XFrameOptions:      "SAMEORIGIN",
-		HSTSPreloadEnabled: false,
+	e.Use(middleware.TimeoutWithConfig(middleware.TimeoutConfig{
+		Timeout: 30 * time.Second,
 	}))

-	e.Use(middleware.TimeoutWithConfig(middleware.TimeoutConfig{
-		ErrorMessage: "Request timeout",
-		Timeout:      30 * time.Second,
+	e.Use(middleware.RateLimiterWithConfig(middleware.RateLimiterConfig{
+		Store: middleware.NewRateLimiterMemoryStoreWithConfig(
+			middleware.RateLimiterMemoryStoreConfig{Rate: 30, Burst: 60, ExpiresIn: 3 * time.Minute},
+		),
+		IdentifierExtractor: func(ctx echo.Context) (string, error) {
+			id := ctx.RealIP()
+			return id, nil
+		},
+		ErrorHandler: func(context echo.Context, err error) error {
+			return context.JSON(http.StatusForbidden, nil)
+		},
+		DenyHandler: func(context echo.Context, identifier string, err error) error {
+			return context.JSON(http.StatusTooManyRequests, nil)
+		},
 	}))

 	serverID, err := s.getSystemServerID(ctx)