From 188bcfbda02d42bc2d13d133730f2782a90a6dec Mon Sep 17 00:00:00 2001 From: Sami Date: Tue, 31 Mar 2026 18:45:25 -0700 Subject: [PATCH] fix: exempt dashboard-critical endpoints from rate limiter License status, services list, config, and license feature checks were being rate-limited (429) after ~14 minutes of dashboard polling, causing the license to show FREE TIER and services to fail loading. Co-Authored-By: Claude Opus 4.6 --- dashcaddy-api/middleware.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dashcaddy-api/middleware.js b/dashcaddy-api/middleware.js index 6e86b96..132ff10 100644 --- a/dashcaddy-api/middleware.js +++ b/dashcaddy-api/middleware.js @@ -386,7 +386,7 @@ module.exports = function configureMiddleware(app, { ...RATE_LIMITS.GENERAL, standardHeaders: true, legacyHeaders: false, - skip: (req) => isTest || req.path === '/health' || req.path === '/api/health' || req.path.startsWith('/probe/') || req.path.startsWith('/api/auth/gate/') || req.path === '/api/totp/check-session' || req.path.endsWith('/health-checks/status') || req.path.endsWith('/csrf-token') || req.path === '/api/v1/dns/logs', + skip: (req) => isTest || req.path === '/health' || req.path === '/api/health' || req.path.startsWith('/probe/') || req.path.startsWith('/api/auth/gate/') || req.path === '/api/totp/check-session' || req.path.endsWith('/health-checks/status') || req.path.endsWith('/csrf-token') || req.path === '/api/v1/dns/logs' || req.path === '/api/license/status' || req.path.startsWith('/api/license/feature/') || req.path === '/api/services' || req.path === '/api/config', message: { success: false, error: 'Too many requests, please try again later' } });