yuken 3 лет назад
Родитель
Сommit
e2f0f37a31

+ 1 - 1
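--- a/packages/app/src/server/middlewares/api-rate-limiter.ts
+++ b/packages/app/src/server/middlewares/api-rate-limiter.ts
@@ -5,7 +5,7 @@ import { RateLimiterMongo } from 'rate-limiter-flexible';
 
 import loggerFactory from '~/utils/logger';
 
-import { generateApiRateLimitConfig } from '../util/generateApiRateLimitConfig';
+import { generateApiRateLimitConfig } from '../util/api-rate-limit-config/generateApiRateLimitConfig';
 
 
 const logger = loggerFactory('growi:middleware:api-rate-limit');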

+ 61 - 0
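--- /dev/null
+++ b/packages/app/src/server/util/api-rate-limit-config/defaultApiRateLimitConfig.ts
@@ -0,0 +1,61 @@
+import { IApiRateLimitConfig } from '../../interfaces/api-rate-limit-config';
+
+// strict config
+
+const defaultStrictMaxRequests = 1; // per second
+
+const defaultStrictConfigKey: IApiRateLimitConfig = {
+  '/login/activateInvited': {
+    method: 'POST',
+    maxRequests: defaultStrictMaxRequests,
+  },
+  '/login': {
+    method: 'POST',
+    maxRequests: defaultStrictMaxRequests,
+  },
+  '/register': {
+    method: 'POST',
+    maxRequests: defaultStrictMaxRequests,
+  },
+  '/installer': {
+    method: 'POST',
+    maxRequests: defaultStrictMaxRequests,
+  },
+  '/_api/login/testLdap': {
+    method: 'POST',
+    maxRequests: defaultStrictMaxRequests,
+  },
+  '/forgot-password/:token': {
+    method: 'GET',
+    maxRequests: defaultStrictMaxRequests,
+  },
+  '/user-activation/:token': {
+    method: 'GET',
+    maxRequests: defaultStrictMaxRequests,
+  },
+  '/user-activation/register': {
+    method: 'POST',
+    maxRequests: defaultStrictMaxRequests,
+  },
+  '/download/:id([0-9a-z]{24})': {
+    method: 'GET',
+    maxRequests: defaultStrictMaxRequests,
+  },
+  '/share/:linkId': {
+    method: 'GET',
+    maxRequests: defaultStrictMaxRequests,
+  },
+};
+
+
+// infinity config
+
+const defaultInfinityConfigKey: IApiRateLimitConfig = {
+  '/_api/v3/healthcheck': {
+    method: 'GET',
+    maxRequests: Infinity,
+  },
+};
+
+
+export default { ...defaultStrictConfigKey, ...defaultInfinityConfigKey };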
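Review bot: The healthcheck entry switches the sentinel from the old `maxRequests: 0` to `maxRequests: Infinity` without stating what the consuming middleware does with that value; if it is forwarded as a numeric limit to the limiter rather than treated as "do not throttle", the behaviour is not obvious from this file, so a comment should pin the contract, e.g. `// Infinity: never throttled — the middleware is expected to skip limiting for this entry (confirm in api-rate-limiter.ts)`. The `// per second` remark is the only place the time window is mentioned, yet the window is not part of `IApiRateLimitConfig` as used here; a short file header explaining that `maxRequests` is per second and that keys are Express-style path patterns matched elsewhere would help readers who only see this file. `defaultStrictConfigKey` and `defaultInfinityConfigKey` are full config objects, not keys; `defaultStrictConfig` / `defaultInfinityConfig` would match what they hold.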

+ 4 - 8
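--- a/packages/app/src/server/util/generateApiRateLimitConfig.ts
+++ b/packages/app/src/server/util/api-rate-limit-config/generateApiRateLimitConfig.ts
@@ -1,4 +1,6 @@
-import { IApiRateLimitConfig } from '../interfaces/api-rate-limit-config';
+import { IApiRateLimitConfig } from '../../interfaces/api-rate-limit-config';
+
+import defaultApiRateLimitConfig from './defaultApiRateLimitConfig';
 
 const getTargetFromKey = (key: string) => {
   return key.replace(/^API_RATE_LIMIT_/, '').replace(/_ENDPOINT$/, '');
@@ -48,11 +50,5 @@ export const generateApiRateLimitConfig = (): IApiRateLimitConfig => {
   // get config
   const apiRateLimitConfig = generateApiRateLimitConfigFromEndpoint(envVar, apiRateEndpointKeys);
 
-  // default setting e.g. healthchack
-  apiRateLimitConfig['/_api/v3/healthcheck'] = {
-    method: 'GET',
-    maxRequests: 0,
-  };
-
-  return apiRateLimitConfig;
+  return { ...apiRateLimitConfig, ...defaultApiRateLimitConfig };
 };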
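Review bot: The spread order in the new return line puts `defaultApiRateLimitConfig` last, so any operator-supplied `API_RATE_LIMIT_*` entry for a path that also appears in the defaults (`/login`, `/register`, `/share/:linkId`, …) is silently discarded in favour of the hard-coded value, which makes those limits impossible to tune via environment. If the defaults are meant as fallbacks, reverse the order: `return { ...defaultApiRateLimitConfig, ...apiRateLimitConfig };`; if they are intentionally non-overridable, say so in a comment such as `// defaults take precedence over env-derived entries on purpose` so the next reader does not "fix" it. The body of `generateApiRateLimitConfig` begins outside this hunk, so how `envVar` and `apiRateEndpointKeys` are built is not visible here.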