@rmdes/indiekit-endpoint-activitypub 3.10.5 → 3.10.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/mastodon/router.js +7 -1
- package/package.json +1 -1
package/lib/mastodon/router.js
CHANGED
|
@@ -22,13 +22,17 @@ import searchRouter from "./routes/search.js";
|
|
|
22
22
|
import mediaRouter from "./routes/media.js";
|
|
23
23
|
import stubsRouter from "./routes/stubs.js";
|
|
24
24
|
|
|
25
|
-
// Rate limiters for different endpoint categories
|
|
25
|
+
// Rate limiters for different endpoint categories.
|
|
26
|
+
// validate.trustProxy disabled — Indiekit sets Express trust proxy to true
|
|
27
|
+
// (behind Cloudron/nginx), which express-rate-limit v7+ rejects as too
|
|
28
|
+
// permissive. The proxy is trusted infrastructure, not user-controlled.
|
|
26
29
|
const apiLimiter = rateLimit({
|
|
27
30
|
windowMs: 5 * 60 * 1000, // 5 minutes
|
|
28
31
|
max: 300,
|
|
29
32
|
standardHeaders: true,
|
|
30
33
|
legacyHeaders: false,
|
|
31
34
|
message: { error: "Too many requests, please try again later" },
|
|
35
|
+
validate: { trustProxy: false },
|
|
32
36
|
});
|
|
33
37
|
|
|
34
38
|
const authLimiter = rateLimit({
|
|
@@ -37,6 +41,7 @@ const authLimiter = rateLimit({
|
|
|
37
41
|
standardHeaders: true,
|
|
38
42
|
legacyHeaders: false,
|
|
39
43
|
message: { error: "Too many authentication attempts" },
|
|
44
|
+
validate: { trustProxy: false },
|
|
40
45
|
});
|
|
41
46
|
|
|
42
47
|
const appRegistrationLimiter = rateLimit({
|
|
@@ -45,6 +50,7 @@ const appRegistrationLimiter = rateLimit({
|
|
|
45
50
|
standardHeaders: true,
|
|
46
51
|
legacyHeaders: false,
|
|
47
52
|
message: { error: "Too many app registrations" },
|
|
53
|
+
validate: { trustProxy: false },
|
|
48
54
|
});
|
|
49
55
|
|
|
50
56
|
/**
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@rmdes/indiekit-endpoint-activitypub",
|
|
3
|
-
"version": "3.10.
|
|
3
|
+
"version": "3.10.6",
|
|
4
4
|
"description": "ActivityPub federation endpoint for Indiekit via Fedify. Adds full fediverse support: actor, inbox, outbox, followers, following, syndication, and Mastodon migration.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"indiekit",
|