diff --git a/src/middlewares/Authentication.ts b/src/middlewares/Authentication.ts
index 4b38f1d4..76b335ad 100644
--- a/src/middlewares/Authentication.ts
+++ b/src/middlewares/Authentication.ts
@@ -11,10 +11,14 @@ export const NO_AUTHORIZATION_ROUTES = [
/^\/api(\/v\d+)?\/guilds\/\d+\/widget\.(json|png)/
];
+export const API_PREFIX = /^\/api(\/v\d+)?/;
+export const API_PREFIX_TRAILING_SLASH = /^\/api(\/v\d+)?\//;
+
declare global {
namespace Express {
interface Request {
user_id: any;
+ user_bot: boolean;
token: any;
}
}
@@ -23,17 +27,19 @@ declare global {
export async function Authentication(req: Request, res: Response, next: NextFunction) {
if (req.method === "OPTIONS") return res.sendStatus(204);
if (!req.url.startsWith("/api")) return next();
- if (req.url.startsWith("/api/v8/invites") && req.method === "GET") return next();
+ const apiPath = req.url.replace(API_PREFIX, "");
+ if (apiPath.startsWith("/invites") && req.method === "GET") return next();
if (NO_AUTHORIZATION_ROUTES.some((x) => x.test(req.url))) return next();
if (!req.headers.authorization) return next(new HTTPError("Missing Authorization Header", 401));
try {
const { jwtSecret } = Config.get().security;
- const decoded: any = await checkToken(req.headers.authorization, jwtSecret);
+ const { decoded, user }: any = await checkToken(req.headers.authorization, jwtSecret);
req.token = decoded;
req.user_id = decoded.id;
+ req.user_bot = user.bot;
return next();
} catch (error) {
return next(new HTTPError(error.toString(), 400));
diff --git a/src/middlewares/RateLimit.ts b/src/middlewares/RateLimit.ts
index e610d55b..ab69113e 100644
--- a/src/middlewares/RateLimit.ts
+++ b/src/middlewares/RateLimit.ts
@@ -1,5 +1,6 @@
-import { db, MongooseCache } from "@fosscord/server-util";
+import { db, MongooseCache, Bucket } from "@fosscord/server-util";
import { NextFunction, Request, Response } from "express";
+import { API_PREFIX, API_PREFIX_TRAILING_SLASH } from "./Authentication";
const Cache = new MongooseCache(db.collection("ratelimits"), [{ $match: { blocked: true } }], { onlyEvents: false, array: true });
@@ -22,10 +23,66 @@ TODO: use config values
*/
-export default function RateLimit(opts: { bucket?: string; window: number; count: number }) {
+export default function RateLimit(opts: {
+ bucket?: string;
+ window: number;
+ count: number;
+ bot?: number;
+ error?: number;
+ webhook?: number;
+ oauth?: number;
+ GET?: number;
+ MODIFY?: number;
+}) {
Cache.init(); // will only initalize it once
return async (req: Request, res: Response, next: NextFunction) => {
+ const bucket_id = req.path.replace(API_PREFIX_TRAILING_SLASH, "");
+ const user_id = req.user_id;
+ const max_hits = req.user_bot ? opts.bot : opts.count;
+ const offender = Cache.data.find((x: Bucket) => x.user && x.id === bucket_id) as Bucket | null;
+
+ if (offender && offender.blocked) {
+ const reset = offender.created_at.getTime() + opts.window;
+ const resetAfterMs = reset - Date.now();
+ const resetAfterSec = resetAfterMs / 1000;
+ const global = bucket_id === "global";
+
+ return (
+ res
+ .status(429)
+ .set("X-RateLimit-Limit", `${max_hits}`)
+ .set("X-RateLimit-Remaining", "0")
+ .set("X-RateLimit-Reset", `${reset}`)
+ .set("X-RateLimit-Reset-After", `${resetAfterSec}`)
+ .set("X-RateLimit-Global", `${global}`)
+ .set("Retry-After", `${Math.ceil(resetAfterSec)}`)
+ .set("X-RateLimit-Bucket", `${bucket_id}`)
+ // TODO: error rate limit message translation
+ .send({ message: "You are being rate limited.", retry_after: resetAfterSec, global })
+ );
+ }
next();
+ console.log(req.route);
+
+ if (opts.error) {
+ res.once("finish", () => {
+ // check if error and increment error rate limit
+ });
+ }
+
+ db.collection("ratelimits").updateOne(
+ { bucket: bucket_id },
+ {
+ $set: {
+ id: bucket_id,
+ user_id,
+ created_at: new Date(),
+ $cond: { if: { $gt: ["$hits", max_hits] }, then: true, else: false }
+ },
+ $inc: { hits: 1 }
+ },
+ { upsert: true }
+ );
};
}
|
