From d5c1706e9cb2b24dfd16cd8470366c47b63ca00f Mon Sep 17 00:00:00 2001
From: Steven
Date: Sun, 17 Sep 2023 18:11:13 +0800
Subject: [PATCH] chore: update api middlewares
---
 server/server.go | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/server/server.go b/server/server.go
index c879ea3d..284d5263 100644
--- a/server/server.go
+++ b/server/server.go
@@ -67,17 +67,24 @@ func NewServer(ctx context.Context, profile *profile.Profile, store *store.Store
 e.Use(middleware.CORS())
- e.Use(middleware.SecureWithConfig(middleware.SecureConfig{
- Skipper: defaultGetRequestSkipper,
- XSSProtection: "1; mode=block",
- ContentTypeNosniff: "nosniff",
- XFrameOptions: "SAMEORIGIN",
- HSTSPreloadEnabled: false,
+ e.Use(middleware.TimeoutWithConfig(middleware.TimeoutConfig{
+ Timeout: 30 * time.Second,
 }))
- e.Use(middleware.TimeoutWithConfig(middleware.TimeoutConfig{
- ErrorMessage: "Request timeout",
- Timeout: 30 * time.Second,
+ e.Use(middleware.RateLimiterWithConfig(middleware.RateLimiterConfig{
+ Store: middleware.NewRateLimiterMemoryStoreWithConfig(
+ middleware.RateLimiterMemoryStoreConfig{Rate: 30, Burst: 60, ExpiresIn: 3 * time.Minute},
+ ),
+ IdentifierExtractor: func(ctx echo.Context) (string, error) {
+ id := ctx.RealIP()
+ return id, nil
+ },
+ ErrorHandler: func(context echo.Context, err error) error {
+ return context.JSON(http.StatusForbidden, nil)
+ },
+ DenyHandler: func(context echo.Context, identifier string, err error) error {
+ return context.JSON(http.StatusTooManyRequests, nil)
+ },
 }))
 serverID, err := s.getSystemServerID(ctx)
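Review bot: The `IdentifierExtractor` keys the limiter on `ctx.RealIP()`, which in Echo falls back to the request's `X-Forwarded-For` / `X-Real-IP` headers when `e.IPExtractor` is not configured, so the bucket identifier is caller-controlled and the `Rate: 30` limit is not bound to the actual peer address. No `IPExtractor` is set in this hunk (NewServer starts and ends outside it, so confirm against the rest of the function); for a directly exposed server set `e.IPExtractor = echo.ExtractIPDirect()`, and behind a reverse proxy use `echo.ExtractIPFromXFFHeader` with trust options limited to the proxy's address range. Separately, `middleware.SecureWithConfig` is dropped with no replacement visible here, so the responses it covered lose `X-Content-Type-Options: nosniff` and `X-Frame-Options: SAMEORIGIN`; if that is intentional, the commit message should say where those headers are now set. As a style point, the `ErrorHandler` and `DenyHandler` parameter named `context` shadows the `context` package used in NewServer's signature; `c echo.Context` avoids that.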