river-of-ebooks/config/http.js

93 lines
3.5 KiB
JavaScript

/**
* HTTP Server Settings
* (sails.config.http)
*
* Configuration for the underlying HTTP server in Sails.
* (for additional recommended settings, see `config/env/production.js`)
*
* For more information on configuration, check out:
* https://sailsjs.com/config/http
*/
const rateLimit = require('express-rate-limit')
const rateLimiter = rateLimit({
windowMs: 10 * 60 * 1000, // 10 minutes
max: 100, // limit each IP to 100 requests per windowMs
skip (req, res) {
return !req.path.startsWith('/api') || req.path.startsWith('/api/publish')
}
})
const publishLimiter = rateLimit({
windowMs: 1000 * 60 * 60 * 24, // 24 hours
max: 1000, // 1000 publish requests per day
skip (req, res) {
return !req.path.startsWith('/api/publish')
}
})
const allowCrossDomain = function (req, res, next) {
res.header('Access-Control-Allow-Origin', 'http://localhost:8080')
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,PATCH,DELETE')
res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization')
res.header('Access-Control-Allow-Credentials', 'true')
next()
}
module.exports.http = {
/****************************************************************************
* *
* Sails/Express middleware to run for every HTTP request. *
* (Only applies to HTTP requests -- not virtual WebSocket requests.) *
* *
* https://sailsjs.com/documentation/concepts/middleware *
* *
****************************************************************************/
middleware: {
/***************************************************************************
* *
* The order in which middleware should be run for HTTP requests. *
* (This Sails app's routes are handled by the "router" middleware below.) *
* *
***************************************************************************/
order: [
'allowCrossDomain',
'rateLimit',
'publishLimit',
'cookieParser',
'session',
'passportInit',
'passportSession',
'bodyParser',
'compress',
'poweredBy',
'router',
'www',
'favicon'
],
rateLimit: rateLimiter,
publishLimit: publishLimiter,
passportInit: require('passport').initialize(),
passportSession: require('passport').session(),
allowCrossDomain: allowCrossDomain
/***************************************************************************
* *
* The body parser that will handle incoming multipart HTTP requests. *
* *
* https://sailsjs.com/config/http#?customizing-the-body-parser *
* *
***************************************************************************/
// bodyParser: (function _configureBodyParser(){
// var skipper = require('skipper');
// var middlewareFn = skipper({ strict: true });
// return middlewareFn;
// })(),
}
}