diff options
| author | TheArcaneBrony <myrainbowdash949@gmail.com> | 2022-09-18 14:09:16 +0200 |
|---|---|---|
| committer | TheArcaneBrony <myrainbowdash949@gmail.com> | 2022-09-18 14:09:16 +0200 |
| commit | aabb7d90971df32806b8b50da6a3a5891adc26a7 (patch) | |
| tree | 3398c54727d46f538c4484141cdf233afb176e02 | |
| parent | check token validity + delete invalid, prettier (diff) | |
| download | server-aabb7d90971df32806b8b50da6a3a5891adc26a7.tar.xz | |
Message rate limiting
| -rw-r--r-- | assets/locales/en/common.json | 8 | ||||
| -rw-r--r-- | src/api/routes/channels/#channel_id/messages/index.ts | 23 |
2 files changed, 31 insertions, 0 deletions
diff --git a/assets/locales/en/common.json b/assets/locales/en/common.json index 99f553cc..edcafa1d 100644 --- a/assets/locales/en/common.json +++ b/assets/locales/en/common.json @@ -28,6 +28,14 @@ "REACTION": "Reaction not found", "FILE": "File not found" }, + "toomany": { + "CHANNEL": "Too many channels", + "USER": "Too many users", + "ROLE": "Too many roles", + "REACTION": "Too many reactions", + "FILE": "Too many files", + "MESSAGE": "Too many messages" + }, "relationship": { "ALREADY_BLOCKED": "You already blocked the user", "NOT_FRIENDS": "You are not friends with the user", diff --git a/src/api/routes/channels/#channel_id/messages/index.ts b/src/api/routes/channels/#channel_id/messages/index.ts index 220163d2..4f689c2b 100644 --- a/src/api/routes/channels/#channel_id/messages/index.ts +++ b/src/api/routes/channels/#channel_id/messages/index.ts @@ -6,17 +6,23 @@ import { Config, DmChannelDTO, emitEvent, + FieldErrors, + getIpAdress, getPermission, + getRights, HTTPError, Member, Message, MessageCreateEvent, MessageCreateSchema, + Permissions, + Rights, Snowflake, uploadFile } from "@fosscord/util"; import { Request, Response, Router } from "express"; import multer from "multer"; +import { yellow } from "picocolors"; import { FindManyOptions, LessThan, MoreThan } from "typeorm"; import { URL } from "url"; @@ -159,6 +165,23 @@ router.post( if (!channel.isWritable()) { throw new HTTPError(`Cannot send messages to channel of type ${channel.type}`, 400); } + var limits = Config.get().limits; + + if ( + !(await getRights(req.user_id)).has(Rights.FLAGS.BYPASS_RATE_LIMITS) && + limits.absoluteRate.register.enabled && + (await await Message.count({ where: { channel_id, timestamp: MoreThan(new Date(Date.now() - limits.absoluteRate.sendMessage.window)) } })) >= + limits.absoluteRate.register.limit + ) { + console.log( + yellow( + `[MESSAGE] Global register rate limit exceeded for ${getIpAdress(req)}: ${channel_id}, ${req.user_id}, ${body.content}` + ) + ); + throw FieldErrors({ + channel_id: { code: "TOO_MANY_MESSAGES", message: req.t("common:toomany.MESSAGE") } + }); + } const files = (req.files as Express.Multer.File[]) ?? []; for (let currFile of files) { |