author | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-07-02 23:48:52 +1000 |
---|---|---|
committer | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-07-02 23:48:52 +1000 |
commit | 5edbdb8998696f79e674b5a4f1d3b1d82eae7179 (patch) | |
tree | c92b3b1530b1f4c3a5f94d632024fb233797aaae | |
parent | type longtext does not support length (diff) | |
download | server-5edbdb8998696f79e674b5a4f1d3b1d82eae7179.tar.xz |
Revert RateLimit.ts
-rw-r--r-- | api/src/middlewares/RateLimit.ts | 24 |
1 files changed, 6 insertions, 18 deletions
diff --git a/api/src/middlewares/RateLimit.ts b/api/src/middlewares/RateLimit.ts index 13f1602c..1a38cfcf 100644 --- a/api/src/middlewares/RateLimit.ts +++ b/api/src/middlewares/RateLimit.ts @@ -1,4 +1,4 @@ -import { Config, getRights, listenEvent, Rights } from "@fosscord/util"; +import { Config, listenEvent } from "@fosscord/util"; import { NextFunction, Request, Response, Router } from "express"; import { getIpAdress } from "@fosscord/api"; import { API_PREFIX_TRAILING_SLASH } from "./Authentication"; @@ -9,7 +9,6 @@ import { API_PREFIX_TRAILING_SLASH } from "./Authentication"; /* ? bucket limit? Max actions/sec per bucket? -(ANSWER: a small fosscord instance might not need a complex rate limiting system) TODO: delay database requests to include multiple queries TODO: different for methods (GET/POST) @@ -45,12 +44,6 @@ export default function rateLimit(opts: { onlyIp?: boolean; }): any { return async (req: Request, res: Response, next: NextFunction): Promise<any> => { - // exempt user? if so, immediately short circuit - if (req.user_id) { - const rights = await getRights(req.user_id); - if (rights.has("BYPASS_RATE_LIMITS")) return; - } - const bucket_id = opts.bucket || req.originalUrl.replace(API_PREFIX_TRAILING_SLASH, ""); var executor_id = getIpAdress(req); if (!opts.onlyIp && req.user_id) executor_id = req.user_id; 
@@ -60,12 +53,12 @@ export default function rateLimit(opts: { if (opts.GET && ["GET", "OPTIONS", "HEAD"].includes(req.method)) max_hits = opts.GET; else if (opts.MODIFY && ["POST", "DELETE", "PATCH", "PUT"].includes(req.method)) max_hits = opts.MODIFY; - let offender = Cache.get(executor_id + bucket_id); + const offender = Cache.get(executor_id + bucket_id); if (offender) { - let reset = offender.expires_at.getTime(); - let resetAfterMs = reset - Date.now(); - let resetAfterSec = Math.ceil(resetAfterMs / 1000); + const reset = offender.expires_at.getTime(); + const resetAfterMs = reset - Date.now(); + const resetAfterSec = resetAfterMs / 1000; if (resetAfterMs <= 0) { offender.hits = 0; @@ -77,11 +70,6 @@ export default function rateLimit(opts: { if (offender.blocked) { const global = bucket_id === "global"; - // each block violation pushes the expiry one full window further - reset += opts.window * 1000; - offender.expires_at = new Date(offender.expires_at.getTime() + opts.window * 1000); - resetAfterMs = reset - Date.now(); - resetAfterSec = Math.ceil(resetAfterMs / 1000); console.log("blocked bucket: " + bucket_id, { resetAfterMs }); return ( @@ -163,7 +151,7 @@ export async function initRateLimits(app: Router) { app.use("/auth/register", rateLimit({ onlyIp: true, success: true, ...routes.auth.register })); } -async function hitRoute(opts: { executor_id: string; bucket_id: string; max_hits: number; window: number; }) { +async function hitRoute(opts: { executor_id: string; bucket_id: string; max_hits: number; window: number }) { const id = opts.executor_id + opts.bucket_id; var limit = Cache.get(id); if (!limit) { |
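Review bot: The key read in `Cache.get(executor_id + bucket_id)` is not stable per route: when `opts.bucket` is unset, `bucket_id` (set in the previous hunk) comes from `req.originalUrl`, which in Express still carries the query string, so hits on one endpoint can be counted under several keys instead of one. Building the fallback from the path only, e.g. `const bucket_id = opts.bucket || (req.baseUrl + req.path).replace(API_PREFIX_TRAILING_SLASH, "");`, would keep one counter per path and executor. `hitRoute` in the last hunk concatenates the same two values and would pick this up unchanged. Separately, with `Math.ceil` dropped, `resetAfterSec` is now fractional. The `return (` that consumes it is outside the visible hunks, so if it is written to `Retry-After` it should be rounded up there, since that header takes whole seconds.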