merge dev to main (#292)

* Don't let frontend know why 401 was sent * Remove ratelimiter because cloudflare handles that already
BlueMoonDevelopment · Mar 29, 2024 · 2042206 · 2042206
1 parent 6125085
commit 2042206
Show file tree

Hide file tree

Showing 4 changed files with 3 additions and 32 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -32,7 +32,6 @@
         "cookie-parser": "^1.4.6",
         "cors": "^2.8.5",
         "express": "^4.19.2",
-        "express-rate-limit": "^7.2.0",
         "express-session": "^1.18.0",
         "jsonwebtoken": "^9.0.2",
         "jwt-decode": "^4.0.0",

diff --git a/src/main/typescript/middlewares/authJwt.ts b/src/main/typescript/middlewares/authJwt.ts
@@ -7,17 +7,17 @@ const verifyToken = (req: Request, res: Response, next: NextFunction) => {
     const userId = req.session.userId;
 
     if (token === undefined || userId === undefined || !token || !userId) {
-        return res.status(401).send({ message: 'Unauthorized! Session not found or expired!' });
+        return res.status(401).send({ message: 'Unauthorized!' });
     }
 
     jwt.verify(token, security_settings.jwt_secret, (err, decoded) => {
         if (err) {
-            return res.status(401).send({ message: 'Unauthorized! Error: ' + err.name + ': ' + err.message });
+            return res.status(401).send({ message: 'Unauthorized!' });
         }
 
         const payload = decoded as JwtPayload;
         if (payload.id != userId) {
-            return res.status(401).send({ message: 'Unauthorized! UserID from Session does not match UserID from Payload!' });
+            return res.status(401).send({ message: 'Unauthorized!' });
         }
         next();
     });

diff --git a/src/main/typescript/server.ts b/src/main/typescript/server.ts
@@ -2,7 +2,6 @@
  * Required external modules
  */
 import express, { Application } from 'express';
-import RateLimit from 'express-rate-limit';
 import cors from 'cors';
 import mongoose from 'mongoose';
 import session from 'express-session';
@@ -39,11 +38,6 @@ import path from 'node:path';
  * App Variables
  */
 const app: Application = express();
-const limiter = RateLimit({
-    // 15 minutes
-    windowMs: 15 * 60 * 1000,
-    limit: 100,
-});
 
 /**
  * Database connection
@@ -59,7 +53,6 @@ app.use(cors({
     origin: server_settings.frontend_url,
     credentials: true,
 }));
-app.use(limiter);
 app.use(cookies());
 app.use(express.json());
 app.use(express.urlencoded({ extended: true }));