timxx/CloudSearch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v0.3.2: fix 401 on save-records fetch + fix 429 rate limiter behind proxy

Browse Source 
- AdminDashboard: M() now sends admin_token from localStorage with fetch
- rate-limit: keyGenerator uses req.ip instead of req.socket.remoteAddress
  (Express trust proxy reads X-Forwarded-For for real client IP)
- main.ts: moved global rateLimiter after express.static so static files
  (JS/CSS/admin page/favicon) are never rate-limited
This commit is contained in:
admin
2026-05-17 04:20:30 +08:00
parent e57298471a
commit 9a4751692f
4 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
source_clean/src/main.ts
View File

@@ -38,8 +38,6 @@ app.use(morgan(':method :url :status :res[content-length] - :response-time ms'))
app.use(express.json({ limit: '10mb' }));
app.use(express.urlencoded({ extended: true, limit: '10mb' }));
app.use(rateLimiter);
// ============ 前端静态文件 ============
const frontendDist = path.join(__dirname, 'frontend');
// Cache control: HTML no-cache, hashed assets immutable
@@ -53,6 +51,9 @@ app.use((req, res, next) => {
});
app.use(express.static(frontendDist));
// ============ Rate Limiting (after static files — only API routes are limited)
app.use(rateLimiter);
// ============ Routes ============
app.use('/api/uploads', express.static('/app/uploads'));
app.use('/api', routes);