From c42808f5b8a8dd6eb075297d3be3792d0676c5cf Mon Sep 17 00:00:00 2001
From: AlecM33
Date: Mon, 4 Jul 2022 16:26:36 -0400
Subject: [PATCH] centralize cors
---
 server/api/GamesAPI.js | 34 +++++++++++++++++-----------------
 server/config/globals.js | 15 +++++++++++++--
 2 files changed, 30 insertions(+), 19 deletions(-)
diff --git a/server/api/GamesAPI.js b/server/api/GamesAPI.js
index ae4364b..834b523 100644
--- a/server/api/GamesAPI.js
+++ b/server/api/GamesAPI.js
@@ -4,37 +4,37 @@ const debugMode = Array.from(process.argv.map((arg) => arg.trim().toLowerCase())
 const logger = require('../modules/Logger')(debugMode);
 const GameManager = require('../modules/GameManager.js');
 const rateLimit = require('express-rate-limit').default;
-const globals = require('../config/globals');
+const globals = require('../config/globals.js');
 const cors = require('cors');
 const gameManager = new GameManager().getInstance();
 const apiLimiter = rateLimit({
- windowMs: 600000,
- max: 5,
+ windowMs: 60000,
+ max: 100,
 standardHeaders: true,
 legacyHeaders: false
 });
-const corsOptions = process.env.NODE_ENV.trim() === 'development'
- ? {
- origin: '*',
- optionsSuccessStatus: 200
- }
- : {
- origin: 'https://playwerewolf.uk.r.appspot.com',
- optionsSuccessStatus: 200
- };
+const gameEndpointLimiter = rateLimit({ // further limit the rate of game creation to 30 games per 10 minutes.
+ windowMs: 600000,
+ max: 30,
+ standardHeaders: true,
+ legacyHeaders: false
+});
-router.use(cors(corsOptions));
-router.options('/:code/players', cors(corsOptions));
+router.use(cors(globals.CORS));
+router.options('/:code/players', cors(globals.CORS));
+router.options('/create', cors(globals.CORS));
+router.options('/restart', cors(globals.CORS));
-if (process.env.NODE_ENV.trim() === 'production') { // in prod, limit clients to creating 5 games per 10 minutes.
- router.use('/create', apiLimiter);
+if (process.env.NODE_ENV.trim() === 'production') {
+ router.use(apiLimiter);
+ router.use('/create', gameEndpointLimiter);
 }
 router.post('/create', function (req, res) {
- logger.trace('Received request to create new game: ' + JSON.stringify(req.body, null, 4));
+ logger.debug('Received request to create new game: ' + JSON.stringify(req.body, null, 4));
 const gameCreationPromise = gameManager.createGame(req.body, false);
 gameCreationPromise.then((result) => {
 if (result instanceof Error) {
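Review bot: The limiter block fails open while the CORS policy next to it fails closed: `globals.CORS` falls back to the single allowed origin for any NODE_ENV other than 'development', but `router.use(apiLimiter)` and the `/create` limiter are installed only when NODE_ENV is exactly 'production', so a staging or misnamed environment runs with no rate limiting at all. Gating on the same condition, `if (process.env.NODE_ENV.trim() !== 'development') {`, keeps the two controls aligned. CORS only constrains browsers, so these limiters are the control that still applies to scripted clients. Because `apiLimiter` now covers every route at 100 requests per minute and express-rate-limit keys on `req.ip` by default, it is worth confirming that the app's `trust proxy` setting (not visible in this hunk) matches the deployment, otherwise clients behind the same proxy may share one counter.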
diff --git a/server/config/globals.js b/server/config/globals.js
index 17c7c81..242b91e 100644
--- a/server/config/globals.js
+++ b/server/config/globals.js
@@ -3,6 +3,15 @@ const globals = {
 ACCESS_CODE_LENGTH: 4,
 ACCESS_CODE_GENERATION_ATTEMPTS: 50,
 CLOCK_TICK_INTERVAL_MILLIS: 100,
+ CORS: process.env.NODE_ENV.trim() === 'development'
+ ? {
+ origin: '*',
+ optionsSuccessStatus: 200
+ }
+ : {
+ origin: 'https://play-werewolf.app',
+ optionsSuccessStatus: 200
+ },
 STALE_GAME_HOURS: 12,
 CLIENT_COMMANDS: {
 FETCH_GAME_STATE: 'fetchGameState',
@@ -41,7 +50,8 @@ const globals = {
 PLAYER_JOINED: 'playerJoined',
 PLAYER_LEFT: 'playerLeft',
 SYNC_GAME_STATE: 'syncGameState',
- NEW_SPECTATOR: 'newSpectator'
+ NEW_SPECTATOR: 'newSpectator',
+ BROADCAST: 'broadcast'
 },
 ENVIRONMENT: {
 LOCAL: 'local',
@@ -61,7 +71,8 @@ const globals = {
 PAUSE_TIMER: 'pauseTimer',
 RESUME_TIMER: 'resumeTimer',
 GET_TIME_REMAINING: 'getTimeRemaining'
- }
+ },
+ MOCK_AUTH: 'mock_auth'
 };
 module.exports = globals;
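Review bot: `process.env.NODE_ENV.trim()` in the new `CORS` entry runs when globals.js is first required, so an unset NODE_ENV throws a TypeError at load time and takes down every module that imports globals, not just the games router. Guarding the read, `CORS: (process.env.NODE_ENV || '').trim() === 'development'`, keeps the fail-closed behaviour (anything other than 'development' gets the single allowed origin) without the crash. A short comment on the entry such as `// '*' is for local development only; deployed environments must use the explicit origin` would help keep the wildcard out of deployed configs.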
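Review bot: `MOCK_AUTH: 'mock_auth'` in the last hunk is added without a comment and nothing visible in this patch reads it, so its purpose cannot be judged from here. If it stands in for a value used by an authentication check, it should carry a comment such as `// placeholder for tests only; must never be accepted on production code paths`, and whatever consumes it should be gated on environment. It is also unrelated to the commit subject, which makes it easy to miss in review.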