Modular: fixes bug — rateLimiterReward was not awaited

DougReeder · DougReeder · commit baf4a5923607 · 2025-11-04T21:47:31.000-05:00
diff --git a/lib/appFactory.js b/lib/appFactory.js
@@ -144,10 +144,10 @@ module.exports = async function ({ hostIdentity, jwtSecret, accountMgr, storeRou
 
   app.use([`${basePath}/`, `${basePath}/oauth`, `${basePath}/account`, `${basePath}/admin`], memorySession);
 
-  app.use((req, _res, next) => {
+  app.use(async (req, _res, next) => {
     if (req.session?.privileges?.STORE) {
       // refunds the points consumed by rate-limiting middleware
-      rateLimiterReward(req.ip, POINTS_UNAUTH_REQUEST - POINTS_AUTH_REQUEST);
+      await rateLimiterReward(req.ip, POINTS_UNAUTH_REQUEST - POINTS_AUTH_REQUEST);
     }
     next();
   });
diff --git a/lib/routes/storage_common.js b/lib/routes/storage_common.js
@@ -149,7 +149,7 @@ module.exports = function (hostIdentity, jwtSecret) {
         return [requiredScopeName, '*'].includes(grantedParts[0]) && grantedParts[1].startsWith(requiredPermission);
       })) {
         // refunds the points consumed by rate-limiter middleware
-        rateLimiterReward(req.ip, POINTS_UNAUTH_REQUEST - POINTS_AUTH_REQUEST);
+        await rateLimiterReward(req.ip, POINTS_UNAUTH_REQUEST - POINTS_AUTH_REQUEST);
         next();
       } else {
         return unauthorized(req, res, 403, 'insufficient_scope', requiredScope, `user has permissions '${grantedScopes}' but lacks '${requiredScope}'`);
