wisecolt/q-buffer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

revert 377971411a

Browse Source 
revert feat(api): merkezi rate limiting sistemi ekle

Yeni rate-limiter middleware modülü oluşturuldu. loginLimiter (5 istek/dakika),
apiLimiter (30 istek/dakika) ve uploadLimiter (10 istek/dakika) tanımlandı.
Auth, loop, timer ve torrent rotalarına rate limiting uygulandı.
Torrent rotalarında SHA-1 hash validasyonu eklendi.
This commit is contained in:
wisecolt
2026-01-05 17:31:52 +00:00
parent a4de80b98d
commit 69a7827b34
5 changed files with 24 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
apps/server/src/torrent/torrent.routes.ts
View File

@@ -7,22 +7,14 @@ import { getArchiveStatus, setArchiveStatus } from "./torrent.archive";
import { nowIso } from "../utils/time";
import { appendAuditLog, logger } from "../utils/logger";
import { config } from "../config";
import { apiLimiter, uploadLimiter } from "../middleware/rate-limiter";
const router = Router();
const upload = multer({ dest: "/tmp" });
// qBittorrent hash'leri 40 karakter hexadecimal (SHA-1)
const VALID_HASH_REGEX = /^[a-f0-9]{40}$/i;
function isValidHash(hash: string): boolean {
return VALID_HASH_REGEX.test(hash);
}
router.post("/select", apiLimiter, async (req, res) => {
router.post("/select", async (req, res) => {
const { hash } = req.body ?? {};
if (!hash || !isValidHash(hash)) {
return res.status(400).json({ error: "Geçersiz hash formatı" });
if (!hash) {
return res.status(400).json({ error: "Missing hash" });
}
const existing = await getArchiveStatus(hash);
if (existing?.status === "READY") {
@@ -44,10 +36,10 @@ router.post("/select", apiLimiter, async (req, res) => {
res.json({ ok: true, hash, archive: { status: "MISSING" } });
});
router.post("/archive/from-selected", apiLimiter, async (req, res) => {
router.post("/archive/from-selected", async (req, res) => {
const { hash } = req.body ?? {};
if (!hash || !isValidHash(hash)) {
return res.status(400).json({ error: "Geçersiz hash formatı" });
if (!hash) {
return res.status(400).json({ error: "Missing hash" });
}
const existing = await getArchiveStatus(hash);
if (existing?.status === "READY") {
@@ -67,10 +59,10 @@ router.post("/archive/from-selected", apiLimiter, async (req, res) => {
return res.status(400).json({ error: "Magnet export disabled; upload .torrent manually." });
});
router.post("/archive/upload", uploadLimiter, upload.single("file"), async (req, res) => {
router.post("/archive/upload", upload.single("file"), async (req, res) => {
const { hash } = req.body ?? {};
if (!hash || !req.file || !isValidHash(hash)) {
return res.status(400).json({ error: "Geçersiz hash formatı veya dosya eksik" });
if (!hash || !req.file) {
return res.status(400).json({ error: "Missing hash or file" });
}
const inputHash = String(hash).toLowerCase();
const buffer = await fs.readFile(req.file.path);
@@ -119,13 +111,9 @@ router.post("/archive/upload", uploadLimiter, upload.single("file"), async (req,
});
router.get("/archive/status/:hash", async (req, res) => {
const { hash } = req.params;
if (!isValidHash(hash)) {
return res.status(400).json({ error: "Geçersiz hash formatı" });
}
const status = await getArchiveStatus(hash);
const status = await getArchiveStatus(req.params.hash);
if (!status) {
return res.json({ hash, status: "MISSING" });
return res.json({ hash: req.params.hash, status: "MISSING" });
}
return res.json(status);
});