Update

2026-01-18 16:47:30 +01:00 · 2022-08-20 23:58:02 +02:00
parent 1e939d9c9c
commit 580d1748ba
7 changed files with 1890 additions and 7 deletions
--- a/api/config.json
+++ b/api/config.json
@@ -4,7 +4,7 @@
    "pterodactyl_api_key": "ptla_28BCpHTsEFDr80yyNU4WLsdkSbGwxnT5kqFuzEHjx81",
    "proxmox_url": "https://192.168.2.3:8006",
    "proxmox_user": "API@pve",
-    "proxmox_passwd": "G2lloq74",
+    "proxmox_passwd": "Pvf^!8mU65fCS2Zzkb6GX2$iHhE9wu38",
    "mysql_host": "192.168.2.39",
    "mysql_db": "mercurycloud_api",
    "mysql_usr": "mercurycloud_api",
@@ -13,5 +13,7 @@
    "smtp_port": 465,
    "smtp_ssl": true,
    "smtp_username": "noreply@mercurycloud.fr",
-    "smtp_pswd": "&G2lloq74&"
+    "smtp_pswd": "&G2lloq74&",
+    "rate_limit_time": 20,
+    "rate_limit_max_rate": 30
 }
--- a/api/latest.log
+++ b/api/latest.log
--- a/api/routes/products/proxmox-qemu-list.js
+++ b/api/routes/products/proxmox-qemu-list.js
@@ -32,7 +32,7 @@ router.get('', function (req, res) {
                return response.json()
            })
            .then(data => {
-                return res.json({'error': false, 'vms': data.data})            
+              return res.json({'error': false, 'vms': data.data})            
            })
            .catch(err => {
                server.logger(" [ERROR] Proxmox API Error " + err)
--- a/api/server.js
+++ b/api/server.js
@@ -13,12 +13,11 @@ const nodemailer = require("nodemailer");
 const config = require("./config.json")
 const fetch = require('cross-fetch');
 const rateLimit = require('express-rate-limit')
-var sqlinjection = require('./utils/sql-injection');
 const httpsAgent = new https.Agent({
  rejectUnauthorized: false,
 });
 const limiter = rateLimit({
-	windowMs: 2 * 60 * 1000,
+	windowMs: 4 * 60 * 1000,
 	max: 30,
 	standardHeaders: true,
 	legacyHeaders: false,
@@ -119,8 +118,8 @@ connection.connect(function(err) {
      bodyParser.json();
    });

-    app.use(limiter)
-    app.use(sqlinjection);
+    app.use(require('./utils/rate-limit'));
+    app.use(require('./utils/sql-injection'));
  
    // index //
    app.use('/api/', require('./routes/index.js'));
--- a/api/utils/rate-limit-windows/86.253.41.196.json
+++ b/api/utils/rate-limit-windows/86.253.41.196.json
@@ -0,0 +1 @@
+{"ip":"86.253.41.196","start_time":1661032455775,"rate":1}
--- a/api/utils/rate-limit.js
+++ b/api/utils/rate-limit.js
@@ -0,0 +1,31 @@
+const server = require('../server')
+const fs = require('fs')
+const config = require('../config.json')
+fs.readdirSync('utils/rate-limit-windows/').forEach(f => fs.rmSync(`${'utils/rate-limit-windows/'}/${f}`))
+
+function middleware(req, res, next) {
+    var forwardedIpsStr = req.header('x-forwarded-for')
+    var IP = ''
+  
+    if (forwardedIpsStr) {
+       IP = forwardedIps = forwardedIpsStr.split(',')[0]; 
+    }   
+
+    if (fs.existsSync('utils/rate-limit-windows/' + IP + '.json')) {
+        fs.readFile('utils/rate-limit-windows/' + IP + '.json', 'utf8', (err, data) => {
+            data_parsed = JSON.parse(data)
+            if (Date.now() >= data_parsed.start_time + config.rate_limit_time) {
+                fs.rmSync('utils/rate-limit-windows/' + IP + ".json")
+            } else {
+                data_parsed.rate++
+                fs.writeFileSync('utils/rate-limit-windows/' + IP + '.json', JSON.stringify(data_parsed))
+            }
+        });
+    } else {
+        fs.writeFileSync('utils/rate-limit-windows/' + IP + '.json', JSON.stringify({'ip' : IP, 'start_time' : Date.now(), 'rate': 1}))
+    }
+    next()
+}
+
+module.exports = middleware
+server.logger(' [INFO] Rate Limit protect loaded !')
--- a/api/utils/sql-injection.js
+++ b/api/utils/sql-injection.js
@@ -94,3 +94,4 @@ function middleware(req, res, next) {
 }

 module.exports = middleware;
+server.logger(" [INFO] SQL Injection protect loaded !")
				`@@ -0,0 +1 @@`
				`{"ip":"86.253.41.196","start_time":1661032455775,"rate":1}`