Setup different ratelimit for views and votes

config.json.example

@@ -27,7 +27,13 @@
       "vote": {
         "windowMs": 900000, // 15 minutes
         "max": 20, // 20 requests in 15min time window
-        "message": "Too many votes, please try again later"
+        "message": "Too many votes, please try again later",
+        "statusCode": 200
+      },
+      "view": {
+        "windowMs": 900000, // 15 minutes
+        "max": 20, // 20 requests in 15min time window
+        "statusCode": 200
       }
     }
 }

src/app.js

@@ -7,7 +7,7 @@ const getIP = require('./utils/getIP.js');
 const getHash = require('./utils/getHash.js');
 
 // Middleware 
-const voteRateLimitMiddleware = require('./middleware/voteRateLimit.js');
+const rateLimitMiddleware = require('./middleware/requestRateLimit.js');
 var corsMiddleware = require('./middleware/cors.js');
 var loggerMiddleware = require('./middleware/logger.js');
 const userCounter = require('./middleware/userCounter.js');
@@ -34,6 +34,14 @@ var getIsUserVIP = require('./routes/getIsUserVIP.js');
 var oldGetVideoSponsorTimes = require('./routes/oldGetVideoSponsorTimes.js');
 var oldSubmitSponsorTimes = require('./routes/oldSubmitSponsorTimes.js');
 
+// Rate limit endpoint lists
+let voteEndpoints = [voteOnSponsorTime.endpoint];
+let viewEndpoints = [viewedVideoSponsorTime];
+if (config.rateLimit) {
+    // if (config.rateLimit.vote) voteEndpoints.unshift(rateLimitMiddleware(config.rateLimit.vote));
+    if (config.rateLimit.view) viewEndpoints.unshift(rateLimitMiddleware(config.rateLimit.view));
+}
+
 //setup CORS correctly
 app.use(corsMiddleware);
 app.use(loggerMiddleware);
@@ -62,12 +70,12 @@ app.post('/api/skipSegments', postSkipSegments);
 app.get('/api/skipSegments/:prefix', getSkipSegmentsByHash);
 
 //voting endpoint
-app.get('/api/voteOnSponsorTime', voteRateLimitMiddleware, voteOnSponsorTime.endpoint);
-app.post('/api/voteOnSponsorTime', voteRateLimitMiddleware, voteOnSponsorTime.endpoint);
+app.get('/api/voteOnSponsorTime', ...voteEndpoints);
+app.post('/api/voteOnSponsorTime', ...voteEndpoints);
 
-//Endpoint when a sponsorTime is used up
-app.get('/api/viewedVideoSponsorTime', voteRateLimitMiddleware, viewedVideoSponsorTime);
-app.post('/api/viewedVideoSponsorTime', voteRateLimitMiddleware, viewedVideoSponsorTime);
+//Endpoint when a submission is skipped
+app.get('/api/viewedVideoSponsorTime', ...viewEndpoints);
+app.post('/api/viewedVideoSponsorTime', ...viewEndpoints);
 
 //To set your username for the stats view
 app.post('/api/setUsername', setUsername);

src/middleware/requestRateLimit.js

@@ -1,15 +1,15 @@
-const config = require('../config.js');
 const getIP = require('../utils/getIP.js');
 const getHash = require('../utils/getHash.js');
 const rateLimit = require('express-rate-limit');
 
-module.exports = rateLimit({
-  windowMs: config.rateLimit.vote.windowMs,
-  max: config.rateLimit.vote.max,
-  message: config.rateLimit.vote.message,
+module.exports = (limitConfig) => rateLimit({
+  windowMs: limitConfig.windowMs,
+  max: limitConfig.max,
+  message: limitConfig.message,
+  statusCode: limitConfig.statusCode,
   headers: false,
   keyGenerator: (req /*, res*/) => {
-    return getHash(req.ip, 1);
+    return getHash(getIP(req), 1);
   },
   skip: (/*req, res*/) => {
     // skip rate limit if running in test mode

test.json

@@ -51,10 +51,16 @@
     ],
     "categoryList": ["sponsor", "intro", "outro", "interaction", "selfpromo", "music_offtopic"],
     "rateLimit": {
-      "vote": {
-        "windowMs": 900000,
-        "max": 20,
-        "message": "Too many votes, please try again later"
+        "vote": {
+          "windowMs": 900000,
+          "max": 20,
+          "message": "Too many votes, please try again later",
+          "statusCode": 200
+        },
+        "view": {
+          "windowMs": 900000,
+          "max": 20,
+          "statusCode": 200
+        }
       }
-    }
 }