Sharkey/packages/backend/src/server/api/limiter.ts
Johann150 161659de5c
enhance: replace signin CAPTCHA with rate limit (#8740)
* enhance: rate limit works without signed in user

* fix: make limit key required for limiter

As before the fallback limiter key will be set from the endpoint name.

* enhance: use limiter for signin

* Revert "CAPTCHA求めるのは2fa認証が無効になっているときだけにした"

This reverts commit 02a43a310f.

* Revert "feat: make captcha required when signin to improve security"

This reverts commit b21b058005.

* fix undefined reference

* fix: better error message

* enhance: only handle prefix of IPv6
2022-05-28 12:06:47 +09:00

75 lines
1.7 KiB
TypeScript

import Limiter from 'ratelimiter';
import { redisClient } from '../../db/redis.js';
import { IEndpointMeta } from './endpoints.js';
import { CacheableLocalUser, User } from '@/models/entities/user.js';
import Logger from '@/services/logger.js';
const logger = new Logger('limiter');
export const limiter = (limitation: IEndpointMeta['limit'] & { key: NonNullable<string> }, actor: string) => new Promise<void>((ok, reject) => {
const hasShortTermLimit = typeof limitation.minInterval === 'number';
const hasLongTermLimit =
typeof limitation.duration === 'number' &&
typeof limitation.max === 'number';
if (hasShortTermLimit) {
min();
} else if (hasLongTermLimit) {
max();
} else {
ok();
}
// Short-term limit
function min(): void {
const minIntervalLimiter = new Limiter({
id: `${actor}:${limitation.key}:min`,
duration: limitation.minInterval,
max: 1,
db: redisClient,
});
minIntervalLimiter.get((err, info) => {
if (err) {
return reject('ERR');
}
logger.debug(`${actor} ${limitation.key} min remaining: ${info.remaining}`);
if (info.remaining === 0) {
reject('BRIEF_REQUEST_INTERVAL');
} else {
if (hasLongTermLimit) {
max();
} else {
ok();
}
}
});
}
// Long term limit
function max(): void {
const limiter = new Limiter({
id: `${actor}:${limitation.key}`,
duration: limitation.duration,
max: limitation.max,
db: redisClient,
});
limiter.get((err, info) => {
if (err) {
return reject('ERR');
}
logger.debug(`${actor} ${limitation.key} max remaining: ${info.remaining}`);
if (info.remaining === 0) {
reject('RATE_LIMIT_EXCEEDED');
} else {
ok();
}
});
}
});