3 лет назад · bc84c904f8
--- a/packages/app/src/server/routes/apiv3/forgot-password.js
+++ b/packages/app/src/server/routes/apiv3/forgot-password.js
@@ -1,5 +1,4 @@
 
				 import { format, subSeconds } from 'date-fns';
			
 
				-import rateLimit from 'express-rate-limit';
			
 
				 
			
 
				 import injectResetOrderByTokenMiddleware from '~/server/middlewares/inject-reset-order-by-token-middleware';
			
 
				 import PasswordResetOrder from '~/server/models/password-reset-order';
			
@@ -38,13 +37,6 @@ module.exports = (crowi) => {
 
				     ],
			
 
				   };
			
 
				 
			
 
				-  const apiLimiter = rateLimit({
			
 
				-    windowMs: 15 * 60 * 1000, // 15 minutes
			
 
				-    max: 10, // limit each IP to 10 requests per windowMs
			
 
				-    message:
			
 
				-      'Too many requests were sent from this IP. Please try a password reset request again on the password reset request form',
			
 
				-  });
			
 
				-
			
 
				   const checkPassportStrategyMiddleware = checkForgotPasswordEnabledMiddlewareFactory(crowi, true);
			
 
				 
			
 
				   async function sendPasswordResetEmail(txtFileName, i18n, email, url, expiredAt) {
			
@@ -92,7 +84,7 @@ module.exports = (crowi) => {
 
				   });
			
 
				 
			
 
				   // eslint-disable-next-line max-len
			
 
				-  router.put('/', apiLimiter, checkPassportStrategyMiddleware, injectResetOrderByTokenMiddleware, csrf, validator.password, apiV3FormValidator, async(req, res) => {
			
 
				+  router.put('/', checkPassportStrategyMiddleware, injectResetOrderByTokenMiddleware, csrf, validator.password, apiV3FormValidator, async(req, res) => {
			
 
				     const { passwordResetOrder } = req;
			
 
				     const { email } = passwordResetOrder;
			
 
				     const grobalLang = configManager.getConfig('crowi', 'app:globalLang');
			
--- a/packages/app/src/server/routes/index.js
+++ b/packages/app/src/server/routes/index.js
@@ -15,17 +15,9 @@ import * as forgotPassword from './forgot-password';
 
				 import * as privateLegacyPages from './private-legacy-pages';
			
 
				 import * as userActivation from './user-activation';
			
 
				 
			
 
				-// const rateLimit = require('express-rate-limit');
			
 
				 const multer = require('multer');
			
 
				 const autoReap = require('multer-autoreap');
			
 
				 
			
 
				-// const apiLimiter = rateLimit({
			
 
				-//   windowMs: 15 * 60 * 1000, // 15 minutes
			
 
				-//   max: 10, // limit each IP to 10 requests per windowMs
			
 
				-//   message:
			
 
				-//     'Too many requests sent from this IP, please try again after 15 minutes',
			
 
				-// });
			
 
				-
			
 
				 autoReap.options.reapOnError = true; // continue reaping the file even if an error occurs
			
 
				 
			
 
				 module.exports = function(crowi, app) {