wisecolt/q-buffer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

revert 9f3b2cbb24

Browse Source 
revert refactor(api): rate limiting sistemini basitleştir ve sadece login endpoint'inde tut

Merkezi rate limiting middleware dosyasını kaldırıp rate limiting'i sadece
login endpoint'ine özel hale getirildi. Diğer API endpoint'lerindeki rate
limiting kısıtlamaları (loop, timer, torrent) kaldırıldı. Login rate limiter
artık auth.routes.ts dosyasında inline olarak tanımlanıyor.
This commit is contained in:
wisecolt
2026-01-05 17:31:19 +00:00
parent 9f3b2cbb24
commit a4de80b98d
5 changed files with 68 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
apps/server/src/torrent/torrent.routes.ts
View File

@@ -7,14 +7,22 @@ import { getArchiveStatus, setArchiveStatus } from "./torrent.archive";
import { nowIso } from "../utils/time";
import { appendAuditLog, logger } from "../utils/logger";
import { config } from "../config";
import { apiLimiter, uploadLimiter } from "../middleware/rate-limiter";
const router = Router();
const upload = multer({ dest: "/tmp" });
router.post("/select", async (req, res) => {
// qBittorrent hash'leri 40 karakter hexadecimal (SHA-1)
const VALID_HASH_REGEX = /^[a-f0-9]{40}$/i;
function isValidHash(hash: string): boolean {
return VALID_HASH_REGEX.test(hash);
}
router.post("/select", apiLimiter, async (req, res) => {
const { hash } = req.body ?? {};
if (!hash) {
return res.status(400).json({ error: "Missing hash" });
if (!hash || !isValidHash(hash)) {
return res.status(400).json({ error: "Geçersiz hash formatı" });
}
const existing = await getArchiveStatus(hash);
if (existing?.status === "READY") {
@@ -36,10 +44,10 @@ router.post("/select", async (req, res) => {
res.json({ ok: true, hash, archive: { status: "MISSING" } });
});
router.post("/archive/from-selected", async (req, res) => {
router.post("/archive/from-selected", apiLimiter, async (req, res) => {
const { hash } = req.body ?? {};
if (!hash) {
return res.status(400).json({ error: "Missing hash" });
if (!hash || !isValidHash(hash)) {
return res.status(400).json({ error: "Geçersiz hash formatı" });
}
const existing = await getArchiveStatus(hash);
if (existing?.status === "READY") {
@@ -59,10 +67,10 @@ router.post("/archive/from-selected", async (req, res) => {
return res.status(400).json({ error: "Magnet export disabled; upload .torrent manually." });
});
router.post("/archive/upload", upload.single("file"), async (req, res) => {
router.post("/archive/upload", uploadLimiter, upload.single("file"), async (req, res) => {
const { hash } = req.body ?? {};
if (!hash || !req.file) {
return res.status(400).json({ error: "Missing hash or file" });
if (!hash || !req.file || !isValidHash(hash)) {
return res.status(400).json({ error: "Geçersiz hash formatı veya dosya eksik" });
}
const inputHash = String(hash).toLowerCase();
const buffer = await fs.readFile(req.file.path);
@@ -111,9 +119,13 @@ router.post("/archive/upload", upload.single("file"), async (req, res) => {
});
router.get("/archive/status/:hash", async (req, res) => {
const status = await getArchiveStatus(req.params.hash);
const { hash } = req.params;
if (!isValidHash(hash)) {
return res.status(400).json({ error: "Geçersiz hash formatı" });
}
const status = await getArchiveStatus(hash);
if (!status) {
return res.json({ hash: req.params.hash, status: "MISSING" });
return res.json({ hash, status: "MISSING" });
}
return res.json(status);
});