From d29d4281ab4497f2e0cd0a3b732f6ca66d6ab7f0 Mon Sep 17 00:00:00 2001
From: tdurieux
Date: Mon, 3 Apr 2023 11:18:15 +0200
Subject: [PATCH] fix: fix getUser in rate limit
---
 src/routes/route-utils.ts | 3 +++
 src/server.ts | 10 +++++++---
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/routes/route-utils.ts b/src/routes/route-utils.ts
index 795caa6..6265b60 100644
--- a/src/routes/route-utils.ts
+++ b/src/routes/route-utils.ts
@@ -129,6 +129,9 @@ export async function getUser(req: express.Request) {
 httpStatus: 401,
 });
 }
+ if (!req.user) {
+ notConnected();
+ }
 const user = (req.user as any).user;
 if (!user) {
 notConnected();
diff --git a/src/server.ts b/src/server.ts
index bb32878..2d71d16 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -68,9 +68,13 @@ export default async function start() {
 }),
 windowMs: 15 * 60 * 1000, // 15 minutes
 max: async (request: express.Request, response: express.Response) => {
- const user = await getUser(request);
- if (user && user.isAdmin) return 0;
- if (user) return config.RATE_LIMIT;
+ try {
+ const user = await getUser(request);
+ if (user && user.isAdmin) return 0;
+ if (user) return config.RATE_LIMIT;
+ } catch (_) {
+ // ignore: user not connected
+ }
 // if not logged in, limit to half the rate
 return config.RATE_LIMIT / 2;
 },
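Review bot: The new `if (!req.user)` guard in getUser protects the `(req.user as any).user` dereference on the next line only if `notConnected()` always throws; nothing visible in the hunk returns or throws after the call, so this authentication check fails closed by convention rather than by construction. Making the exit explicit, for example `if (!req.user) return notConnected();` or declaring `notConnected(): never`, lets the compiler enforce it. The two checks could also be merged into `const user = (req.user as any)?.user;` followed by the existing `if (!user)` test. getUser starts and ends outside the hunk, so the definition of notConnected is not visible here.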
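Review bot: The `catch (_)` around `getUser(request)` in the `max` callback swallows every failure, not only the not-connected case its comment names, so a session or database error would silently drop an authenticated user or admin to the anonymous limit with nothing logged. Falling back to `config.RATE_LIMIT / 2` is the safe direction, but the catch should let unexpected errors surface, for example `} catch (error) {` followed by `if ((error as any)?.httpStatus !== 401) console.error(error);`, assuming the thrown error carries the `httpStatus` seen in getUser's context lines. Separately, `return 0` for admins depends on the limiter treating 0 as unlimited; if this is express-rate-limit, version 7 changed 0 to block every request, so confirm against the installed version. The enclosing start() function continues outside the hunk.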