/**
 * HTTP Server Settings
 * (sails.config.http)
 *
 * Configuration for the underlying HTTP server in Sails.
 * (for additional recommended settings, see `config/env/production.js`)
 *
 * For more information on configuration, check out:
 * https://sailsjs.com/config/http
 */
const rateLimit = require('express-rate-limit')
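/**
 * General API rate limiter.
 *
 * Allows up to 100 requests per 10-minute window per client on paths under
 * `/api`, except `/api/publish`, which is handled by `publishLimiter`.
 *
 * NOTE(review): express-rate-limit identifies clients by `req.ip` unless a
 * `keyGenerator` is supplied. Behind a reverse proxy or load balancer all
 * clients share the proxy's address unless the app's "trust proxy" setting is
 * configured -- confirm against the deployment.
 */
const rateLimiter = rateLimit({
  windowMs: 10 * 60 * 1000, // 10 minutes
  max: 100, // limit each IP to 100 requests per windowMs
  /**
   * Decide whether a request is exempt from this limiter.
   *
   * @param {object} req - incoming request; only `req.path` is read
   * @param {object} res - response (unused)
   * @returns {boolean} true when the request must NOT be counted
   */
  skip (req, res) {
    // Express routing is case-insensitive by default, so a path such as
    // `/API/...` can reach the same handlers as `/api/...`. Matching the raw
    // path would leave those requests unthrottled, so the prefix checks run
    // on a lower-cased copy. (TODO confirm this app's routing case rules.)
    const path = req.path.toLowerCase()
    return !path.startsWith('/api') || path.startsWith('/api/publish')
  }
})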
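/**
 * Rate limiter dedicated to the publish endpoints.
 *
 * Allows up to 1000 requests per 24-hour window per client on paths under
 * `/api/publish`; every other path is exempt from this limiter.
 *
 * NOTE(review): the budget is per client key (by default `req.ip`), not a
 * global daily cap. Behind a reverse proxy the key is the proxy's address
 * unless "trust proxy" is configured -- confirm against the deployment.
 */
const publishLimiter = rateLimit({
  windowMs: 1000 * 60 * 60 * 24, // 24 hours
  max: 1000, // 1000 publish requests per day, per client key
  /**
   * Decide whether a request is exempt from this limiter.
   *
   * @param {object} req - incoming request; only `req.path` is read
   * @param {object} res - response (unused)
   * @returns {boolean} true when the request must NOT be counted
   */
  skip (req, res) {
    // Express routing is case-insensitive by default, so `/API/Publish` can
    // reach the same handler as `/api/publish`. Lower-case the path before
    // the prefix check so such requests are still counted.
    // (TODO confirm this app's routing case rules.)
    return !req.path.toLowerCase().startsWith('/api/publish')
  }
})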
/**
 * CORS middleware: writes a fixed set of Access-Control-* headers on every
 * response and then passes control to the next middleware.
 *
 * Preflight (OPTIONS) requests are not answered here; they continue down the
 * chain like any other request.
 *
 * NOTE(review): the allowed origin is hard-coded to a local development
 * address and credentials are enabled for it. Confirm that deployed
 * environments restrict or override this so a development origin is not
 * trusted with credentialed requests in production.
 *
 * @param {object} req - incoming request (not read)
 * @param {object} res - response; only `res.header(name, value)` is called
 * @param {Function} next - continuation, invoked once after the headers are set
 */
const allowCrossDomain = function (req, res, next) {
  // Header name/value pairs, applied in this order.
  const corsHeaders = [
    ['Access-Control-Allow-Origin', 'http://localhost:8080'],
    ['Access-Control-Allow-Methods', 'GET,PUT,POST,PATCH,DELETE'],
    ['Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization'],
    ['Access-Control-Allow-Credentials', 'true']
  ]

  for (const [headerName, headerValue] of corsHeaders) {
    res.header(headerName, headerValue)
  }

  next()
}
module.exports.http = {

  // Sails/Express middleware to run for every HTTP request.
  // (Only applies to HTTP requests -- not virtual WebSocket requests.)
  // https://sailsjs.com/documentation/concepts/middleware
  middleware: {

    // The order in which middleware runs for HTTP requests.
    // (This Sails app's routes are handled by the "router" entry.)
    //
    // The CORS headers and both rate limiters come first, ahead of cookie,
    // session and passport handling, so the limiters see every request before
    // any session work is done and their responses also carry the CORS headers.
    //
    // NOTE(review): `poweredBy` advertises the framework in a response
    // header; consider dropping it from this list if that disclosure is
    // unwanted.
    order: [
      'allowCrossDomain',
      'rateLimit',
      'publishLimit',
      'cookieParser',
      'session',
      'passportInit',
      'passportSession',
      'bodyParser',
      'compress',
      'poweredBy',
      'router',
      'www',
      'favicon'
    ],

    // Custom middleware, looked up by the names used in `order`.
    rateLimit: rateLimiter,
    publishLimit: publishLimiter,
    passportInit: require('passport').initialize(),
    passportSession: require('passport').session(),
    allowCrossDomain,

    // The body parser that handles incoming multipart HTTP requests.
    // https://sailsjs.com/config/http#?customizing-the-body-parser
    //
    // Skipper is created once at load time with `strict: true`.
    // NOTE(review): no request-size limits are set here; confirm whether
    // upload/body size caps are configured elsewhere.
    bodyParser: require('skipper')({ strict: true })
  }
}