From 6f0e0a2bd3acf425ebe3c45925f6638d1bb72184 Mon Sep 17 00:00:00 2001
From: juancarmore
Date: Fri, 28 Mar 2025 12:55:07 +0100
Subject: [PATCH] backend: Clean up routes code
---
 backend/src/middlewares/auth.middleware.ts | 9 +++++++++
 backend/src/routes/auth.routes.ts | 12 +-----------
 backend/src/routes/livekit.routes.ts | 6 ++----
 backend/src/routes/participants.routes.ts | 1 +
 backend/src/routes/room.routes.ts | 1 -
 backend/src/server.ts | 2 --
 6 files changed, 13 insertions(+), 18 deletions(-)
diff --git a/backend/src/middlewares/auth.middleware.ts b/backend/src/middlewares/auth.middleware.ts
index dadce54..fc2dd8f 100644
--- a/backend/src/middlewares/auth.middleware.ts
+++ b/backend/src/middlewares/auth.middleware.ts
@@ -18,6 +18,8 @@ import {
 errorInvalidApiKey,
 OpenViduMeetError
 } from '../models/index.js';
+import rateLimit from 'express-rate-limit';
+import ms from 'ms';
 /**
  * This middleware allows to chain multiple validators to check if the request is authorized.
@@ -157,3 +159,10 @@ export const allowAnonymous = async (req: Request) => {
 req.session = req.session || {};
 req.session.user = user;
 };
+
+// Limit login attempts to avoid brute force attacks
+export const loginLimiter = rateLimit({
+ windowMs: ms('15m'),
+ limit: 5,
+ message: 'Too many login attempts, please try again later'
+});
diff --git a/backend/src/routes/auth.routes.ts b/backend/src/routes/auth.routes.ts
index dbd457b..2407a71 100644
--- a/backend/src/routes/auth.routes.ts
+++ b/backend/src/routes/auth.routes.ts
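Review bot: `loginLimiter` at the end of auth.middleware.ts is now an exported, shared instance, but it still relies on express-rate-limit defaults for the key (`req.ip`), the store (in-process memory) and what counts as a hit (every request, successful logins included), and none of that is documented. Behind a reverse proxy `req.ip` is only meaningful when Express's `trust proxy` setting matches the real proxy chain: too low and all clients share one bucket, too high and the address comes from a client-supplied header. server.ts is only partly visible in this patch, so that setting needs confirming. I would expand the comment to something like `// One shared instance: mount on the login route only. Keyed by client IP, counted per process.` and consider `skipSuccessfulRequests: true` so normal sign-ins do not consume the budget. An IP-keyed cap also does not bound attempts against a single account from many addresses, so a per-username counter in the login controller is worth tracking separately.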
@@ -1,21 +1,11 @@
-import ms from 'ms';
 import { Router } from 'express';
 import bodyParser from 'body-parser';
 import * as authCtrl from '../controllers/auth.controller.js';
-import rateLimit from 'express-rate-limit';
-import { tokenAndRoleValidator, withAuth } from '../middlewares/auth.middleware.js';
+import { loginLimiter, tokenAndRoleValidator, withAuth } from '../middlewares/auth.middleware.js';
 import { validateLoginRequest } from '../middlewares/request-validators/auth-validator.middleware.js';
 import { UserRole } from '@typings-ce';
 export const authRouter = Router();
-
-// Limit login attempts for avoiding brute force attacks
-const loginLimiter = rateLimit({
- windowMs: ms('15m'),
- limit: 5,
- message: 'Too many login attempts, please try again later'
-});
-
 authRouter.use(bodyParser.urlencoded({ extended: true }));
 authRouter.use(bodyParser.json());
diff --git a/backend/src/routes/livekit.routes.ts b/backend/src/routes/livekit.routes.ts
index 55195cc..fb0b2b9 100644
--- a/backend/src/routes/livekit.routes.ts
+++ b/backend/src/routes/livekit.routes.ts
@@ -1,9 +1,7 @@
 import express, { Router } from 'express';
 import { lkWebhookHandler } from '../controllers/livekit-webhook.controller.js';
-const livekitWebhookRouter = Router();
-
+export const livekitWebhookRouter = Router();
 livekitWebhookRouter.use(express.raw({ type: 'application/webhook+json' }));
-livekitWebhookRouter.post('/', lkWebhookHandler);
-export { livekitWebhookRouter };
+livekitWebhookRouter.post('/', lkWebhookHandler);
diff --git a/backend/src/routes/participants.routes.ts b/backend/src/routes/participants.routes.ts
index d193198..fb797de 100644
--- a/backend/src/routes/participants.routes.ts
+++ b/backend/src/routes/participants.routes.ts
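Review bot: In livekit.routes.ts nothing explains why this router mounts `express.raw({ type: 'application/webhook+json' })` instead of the JSON parser the other routers use, so a later clean-up could easily swap it for consistency. If `lkWebhookHandler` verifies the webhook signature over the request body (the handler is not shown in this patch, so that is an assumption), it has to receive the exact bytes that were sent. I would add `// Body must stay raw: the webhook handler checks the signature against the unparsed payload` above the `use` call.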
@@ -12,6 +12,7 @@ export const internalParticipantsRouter = Router();
 internalParticipantsRouter.use(bodyParser.urlencoded({ extended: true }));
 internalParticipantsRouter.use(bodyParser.json());
+// Internal Participant Routes
 internalParticipantsRouter.post(
 '/token',
 validateParticipantTokenRequest,
diff --git a/backend/src/routes/room.routes.ts b/backend/src/routes/room.routes.ts
index fb5116a..a11be5a 100644
--- a/backend/src/routes/room.routes.ts
+++ b/backend/src/routes/room.routes.ts
@@ -16,7 +16,6 @@ import { UserRole } from '@typings-ce';
 import { configureCreateRoomAuth, configureRoomAuthorization } from '../middlewares/room.middleware.js';
 export const roomRouter = Router();
-
 roomRouter.use(bodyParser.urlencoded({ extended: true }));
 roomRouter.use(bodyParser.json());
diff --git a/backend/src/server.ts b/backend/src/server.ts
index cd46b29..b53cf28 100644
--- a/backend/src/server.ts
+++ b/backend/src/server.ts
@@ -45,8 +45,6 @@ const createApp = () => {
 app.use(`${MEET_API_BASE_PATH_V1}/rooms`, /*mediaTypeValidatorMiddleware,*/ roomRouter);
 app.use(`${MEET_API_BASE_PATH_V1}/recordings`, /*mediaTypeValidatorMiddleware,*/ recordingRouter);
 app.use(`${MEET_API_BASE_PATH_V1}/auth`, /*mediaTypeValidatorMiddleware,*/ authRouter);
-
- // TODO: This route should be part of the rooms router
 app.use(`${MEET_API_BASE_PATH_V1}/preferences`, /*mediaTypeValidatorMiddleware,*/ preferencesRouter);
 // Internal routes