fix: fix getUser in rate limit

2026-02-12 18:32:44 +00:00 · 2023-04-03 11:18:15 +02:00
parent f8a0315a1d
commit d29d4281ab
2 changed files with 10 additions and 3 deletions
--- a/src/routes/route-utils.ts
+++ b/src/routes/route-utils.ts
@@ -129,6 +129,9 @@ export async function getUser(req: express.Request) {
      httpStatus: 401,
    });
  }
+  if (!req.user) {
+    notConnected();
+  }
  const user = (req.user as any).user;
  if (!user) {
    notConnected();
--- a/src/server.ts
+++ b/src/server.ts
@@ -68,9 +68,13 @@ export default async function start() {
    }),
    windowMs: 15 * 60 * 1000, // 15 minutes
    max: async (request: express.Request, response: express.Response) => {
-      const user = await getUser(request);
-      if (user && user.isAdmin) return 0;
-      if (user) return config.RATE_LIMIT;
+      try {
+        const user = await getUser(request);
+        if (user && user.isAdmin) return 0;
+        if (user) return config.RATE_LIMIT;
+      } catch (_) {
+        // ignore: user not connected
+      }
      // if not logged in, limit to half the rate
      return config.RATE_LIMIT / 2;
    },