jesec · trim21 · Apr 28, 2024 · Apr 28, 2024 · Apr 28, 2024
diff --git a/config.ts b/config.ts
@@ -54,6 +54,12 @@ const {argv: argvObj} = yargs(process.argv.slice(2))
     describe: "Disable Flood's builtin access control system, deprecated, use auth=none instead",
     type: 'boolean',
   })
+  .option('disable-rate-limit', {
+    default: false,
+    describe: 'disable api request limit except for login',
+    hidden: true,
+    type: 'boolean',
+  })
   .option('dehost', {
     describe: 'Host of Deluge RPC interface',
     type: 'string',
@@ -342,6 +348,7 @@ const result = configSchema.safeParse({
   sslCert: argv.sslcert || path.resolve(path.join(argv.rundir, 'fullchain.pem')),
   allowedPaths: allowedPaths.length > 0 ? allowedPaths : undefined,
   serveAssets: argv.assets,
+  disableRateLimit: argv.disableRateLimit,
 });
 
 if (!result.success) {

diff --git a/server/routes/api/index.ts b/server/routes/api/index.ts
@@ -2,7 +2,6 @@ import express, {Response} from 'express';
 import fs from 'fs';
 import passport from 'passport';
 import path from 'path';
-import rateLimit from 'express-rate-limit';
 
 import {contentTokenSchema} from '@shared/schema/api/torrents';
 
@@ -19,6 +18,7 @@ import eventStream from '../../middleware/eventStream';
 import feedMonitorRoutes from './feed-monitor';
 import {getAuthToken, verifyToken} from '../../util/authUtil';
 import torrentsRoutes from './torrents';
+import {rateLimit} from '../utils';
 
 const router = express.Router();
 

diff --git a/server/routes/api/torrents.ts b/server/routes/api/torrents.ts
@@ -4,7 +4,6 @@ import createTorrent from 'create-torrent';
 import express, {Response} from 'express';
 import fs from 'fs';
 import path from 'path';
-import rateLimit from 'express-rate-limit';
 import sanitize from 'sanitize-filename';
 import tar, {Pack} from 'tar-fs';
 
@@ -46,6 +45,7 @@ import {
 import {getTempPath} from '../../models/TemporaryStorage';
 import {getToken} from '../../util/authUtil';
 import {asyncFilter} from '../../util/async';
+import {rateLimit} from '../utils';
 
 const getDestination = async (
   services: Express.Request['services'],

diff --git a/server/routes/utils.ts b/server/routes/utils.ts
@@ -0,0 +1,14 @@
+import config from '../../config';
+
+import expressRateLimit, {Options} from 'express-rate-limit';
+import {RequestHandler} from 'express';
+
+export function rateLimit(passedOptions?: Partial<Options>): RequestHandler {
+  if (config.disableRateLimit) {
+    return function (req, res, next) {
+      next();
+    };
+  }
+
+  return expressRateLimit(passedOptions);
+}
diff --git a/shared/schema/Config.ts b/shared/schema/Config.ts
@@ -125,6 +125,10 @@ export const configSchema = strictObject({
   // Users may prefer to serve static assets via a "professional" web server such as nginx to
   // increase performance or have more flexibility on compression or other options. [default: true]
   serveAssets: boolean().optional(),
+
+  // CLI argument: --disable-rate-limit
+  // Disable api request limit except for login
+  disableRateLimit: boolean(),
 })
   .refine(
     (config) => {