From 00d45e32293206ce55c96276dc8d1e24c7ea5318 Mon Sep 17 00:00:00 2001
From: Richard Hansen <rhansen@rhansen.org>
Date: Tue, 16 Feb 2021 20:53:42 -0500
Subject: [PATCH] Defer rate limiter creation to a hook call

This makes it possible to change the rate limiter settings via
`/admin/settings` or by modifying the appropriate settings object and
reinvoking the hook.
---
 src/ep.json                            |  3 ++-
 src/node/handler/PadMessageHandler.js  | 12 ++++++++----
 src/node/hooks/express/importexport.js | 16 ++++++++--------
 3 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/src/ep.json b/src/ep.json
index 7e73b69c5..5642f8c12 100644
--- a/src/ep.json
+++ b/src/ep.json
@@ -84,7 +84,8 @@
       "name": "socketio",
       "hooks": {
         "expressCloseServer": "ep_etherpad-lite/node/hooks/express/socketio",
-        "expressCreateServer": "ep_etherpad-lite/node/hooks/express/socketio"
+        "expressCreateServer": "ep_etherpad-lite/node/hooks/express/socketio",
+        "socketio": "ep_etherpad-lite/node/handler/PadMessageHandler"
       }
     },
     {
diff --git a/src/node/handler/PadMessageHandler.js b/src/node/handler/PadMessageHandler.js
index 7e290b9e3..c7ff1f661 100644
--- a/src/node/handler/PadMessageHandler.js
+++ b/src/node/handler/PadMessageHandler.js
@@ -40,10 +40,14 @@ const nodeify = require('nodeify');
 const {RateLimiterMemory} = require('rate-limiter-flexible');
 const webaccess = require('../hooks/express/webaccess');
 
-const rateLimiter = new RateLimiterMemory({
-  points: settings.commitRateLimiting.points,
-  duration: settings.commitRateLimiting.duration,
-});
+let rateLimiter;
+
+exports.socketio = () => {
+  // The rate limiter is created in this hook so that restarting the server resets the limiter. The
+  // settings.commitRateLimiting object is passed directly to the rate limiter so that the limits
+  // can be dynamically changed during runtime by modifying its properties.
+  rateLimiter = new RateLimiterMemory(settings.commitRateLimiting);
+};
 
 /**
  * A associative array that saves information about a session
diff --git a/src/node/hooks/express/importexport.js b/src/node/hooks/express/importexport.js
index 598629632..d6f287c6b 100644
--- a/src/node/hooks/express/importexport.js
+++ b/src/node/hooks/express/importexport.js
@@ -10,15 +10,15 @@ const rateLimit = require('express-rate-limit');
 const securityManager = require('../../db/SecurityManager');
 const webaccess = require('./webaccess');
 
-settings.importExportRateLimiting.onLimitReached = (req, res, options) => {
-  // when the rate limiter triggers, write a warning in the logs
-  console.warn('Import/Export rate limiter triggered on ' +
-      `"${req.originalUrl}" for IP address ${req.ip}`);
-};
-
-const limiter = rateLimit(settings.importExportRateLimiting);
-
 exports.expressCreateServer = (hookName, args, cb) => {
+  settings.importExportRateLimiting.onLimitReached = (req, res, options) => {
+    // when the rate limiter triggers, write a warning in the logs
+    console.warn('Import/Export rate limiter triggered on ' +
+                 `"${req.originalUrl}" for IP address ${req.ip}`);
+  };
+  // The rate limiter is created in this hook so that restarting the server resets the limiter.
+  const limiter = rateLimit(settings.importExportRateLimiting);
+
   // handle export requests
   args.app.use('/p/:pad/:rev?/export/:type', limiter);
   args.app.get('/p/:pad/:rev?/export/:type', (req, res, next) => {