From 4b20a96c9638dcf8733bbe6c3f557768c24a1954 Mon Sep 17 00:00:00 2001
From: tdurieux <durieuxthomas@hotmail.com>
Date: Mon, 28 Aug 2023 15:35:16 +0200
Subject: [PATCH] fix: rate limit

---
 src/server.ts | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/src/server.ts b/src/server.ts
index f884b7e..17f20f6 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -40,11 +40,8 @@ export default async function start() {
   app.use(express.json());
 
   app.use(compression());
-  app.set("trust proxy", config.TRUST_PROXY);
   app.set("etag", "strong");
 
-  app.get("/ip", (request, response) => response.send(request.ip));
-
   // handle session and connection
   app.use(initSession());
   app.use(passport.initialize());
@@ -78,6 +75,20 @@ export default async function start() {
       // if not logged in, limit to half the rate
       return config.RATE_LIMIT / 2;
     },
+    keyGenerator(
+      request: express.Request,
+      _response: express.Response
+    ): string {
+      if (request.headers["cf-connecting-ip"]) {
+        return request.headers["cf-connecting-ip"] as string;
+      }
+      if (!request.ip && request.socket.remoteAddress) {
+        console.error("Warning: request.ip is missing!");
+        return request.socket.remoteAddress;
+      }
+      // remove port number from IPv4 addresses
+      return request.ip.replace(/:\d+[^:]*$/, "");
+    },
     standardHeaders: true,
     legacyHeaders: false,
     message: (request: express.Request, response: express.Response) => {