From 5e86d7ab9c5200d794c3adb2b422d20a2aefd2ce Mon Sep 17 00:00:00 2001 From: Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> Date: Sat, 13 Aug 2022 02:00:50 +0200 Subject: restructure to single project --- src/api/util/utility/ipAddress.ts | 95 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 src/api/util/utility/ipAddress.ts (limited to 'src/api/util/utility/ipAddress.ts') diff --git a/src/api/util/utility/ipAddress.ts b/src/api/util/utility/ipAddress.ts new file mode 100644 index 00000000..8d986b26 --- /dev/null +++ b/src/api/util/utility/ipAddress.ts @@ -0,0 +1,95 @@ +import { Config } from "@fosscord/util"; +import { Request } from "express"; +// use ipdata package instead of simple fetch because of integrated caching +import fetch from "node-fetch"; + +const exampleData = { + ip: "", + is_eu: true, + city: "", + region: "", + region_code: "", + country_name: "", + country_code: "", + continent_name: "", + continent_code: "", + latitude: 0, + longitude: 0, + postal: "", + calling_code: "", + flag: "", + emoji_flag: "", + emoji_unicode: "", + asn: { + asn: "", + name: "", + domain: "", + route: "", + type: "isp" + }, + languages: [ + { + name: "", + native: "" + } + ], + currency: { + name: "", + code: "", + symbol: "", + native: "", + plural: "" + }, + time_zone: { + name: "", + abbr: "", + offset: "", + is_dst: true, + current_time: "" + }, + threat: { + is_tor: false, + is_proxy: false, + is_anonymous: false, + is_known_attacker: false, + is_known_abuser: false, + is_threat: false, + is_bogon: false + }, + count: 0, + status: 200 +}; + +//TODO add function that support both ip and domain names +export async function IPAnalysis(ip: string): Promise { + const { ipdataApiKey } = Config.get().security; + if (!ipdataApiKey) return { ...exampleData, ip }; + + return (await fetch(`https://api.ipdata.co/${ip}?api-key=${ipdataApiKey}`)).json() as any; +} + +export function isProxy(data: typeof exampleData) { + if (!data || !data.asn || !data.threat) return false; + if (data.asn.type !== "isp") return true; + if (Object.values(data.threat).some((x) => x)) return true; + + return false; +} + +export function getIpAdress(req: Request): string { + // @ts-ignore + return req.headers[Config.get().security.forwadedFor] || req.socket.remoteAddress; +} + +export function distanceBetweenLocations(loc1: any, loc2: any): number { + return distanceBetweenCoords(loc1.latitude, loc1.longitude, loc2.latitude, loc2.longitude); +} + +//Haversine function +function distanceBetweenCoords(lat1: number, lon1: number, lat2: number, lon2: number) { + const p = 0.017453292519943295; // Math.PI / 180 + const c = Math.cos; + const a = 0.5 - c((lat2 - lat1) * p) / 2 + (c(lat1 * p) * c(lat2 * p) * (1 - c((lon2 - lon1) * p))) / 2; + + return 12742 * Math.asin(Math.sqrt(a)); // 2 * R; R = 6371 km +} -- cgit 1.5.1 From baeec00f65f74001cae5e6fd4e93767f27e43ceb Mon Sep 17 00:00:00 2001 From: TheArcaneBrony Date: Wed, 24 Aug 2022 03:01:57 +0200 Subject: case insensitive header for rate limits, fix rate limit default settings Also disabled rate limit bypass right as it doesn't work... --- src/api/middlewares/RateLimit.ts | 3 ++- src/api/util/utility/ipAddress.ts | 6 +++++- src/util/config/types/subconfigurations/limits/RateLimits.ts | 2 +- src/util/config/types/subconfigurations/limits/ratelimits/Route.ts | 2 +- 4 files changed, 9 insertions(+), 4 deletions(-) (limited to 'src/api/util/utility/ipAddress.ts') diff --git a/src/api/middlewares/RateLimit.ts b/src/api/middlewares/RateLimit.ts index 7754edf6..dc93dcef 100644 --- a/src/api/middlewares/RateLimit.ts +++ b/src/api/middlewares/RateLimit.ts @@ -48,7 +48,7 @@ export default function rateLimit(opts: { // exempt user? if so, immediately short circuit if (req.user_id) { const rights = await getRights(req.user_id); - if (rights.has("BYPASS_RATE_LIMITS")) return; + if (rights.has("BYPASS_RATE_LIMITS")) return next(); } const bucket_id = opts.bucket || req.originalUrl.replace(API_PREFIX_TRAILING_SLASH, ""); @@ -121,6 +121,7 @@ export default function rateLimit(opts: { export async function initRateLimits(app: Router) { const { routes, global, ip, error, disabled } = Config.get().limits.rate; if (disabled) return; + console.log("Enabling rate limits..."); await listenEvent(EventRateLimit, (event) => { Cache.set(event.channel_id as string, event.data); event.acknowledge?.(); diff --git a/src/api/util/utility/ipAddress.ts b/src/api/util/utility/ipAddress.ts index 8d986b26..c96feb9e 100644 --- a/src/api/util/utility/ipAddress.ts +++ b/src/api/util/utility/ipAddress.ts @@ -78,7 +78,11 @@ export function isProxy(data: typeof exampleData) { export function getIpAdress(req: Request): string { // @ts-ignore - return req.headers[Config.get().security.forwadedFor] || req.socket.remoteAddress; + return ( + req.headers[Config.get().security.forwadedFor as string] || + req.headers[Config.get().security.forwadedFor?.toLowerCase() as string] || + req.socket.remoteAddress + ); } export function distanceBetweenLocations(loc1: any, loc2: any): number { diff --git a/src/util/config/types/subconfigurations/limits/RateLimits.ts b/src/util/config/types/subconfigurations/limits/RateLimits.ts index db3f8a4c..764acdd6 100644 --- a/src/util/config/types/subconfigurations/limits/RateLimits.ts +++ b/src/util/config/types/subconfigurations/limits/RateLimits.ts @@ -14,5 +14,5 @@ export class RateLimits { count: 10, window: 5 }; - routes: RouteRateLimit; + routes: RouteRateLimit = new RouteRateLimit(); } diff --git a/src/util/config/types/subconfigurations/limits/ratelimits/Route.ts b/src/util/config/types/subconfigurations/limits/ratelimits/Route.ts index 464670f2..6890699e 100644 --- a/src/util/config/types/subconfigurations/limits/ratelimits/Route.ts +++ b/src/util/config/types/subconfigurations/limits/ratelimits/Route.ts @@ -14,6 +14,6 @@ export class RouteRateLimit { count: 10, window: 5 }; - auth: AuthRateLimit; + auth: AuthRateLimit = new AuthRateLimit(); // TODO: rate limit configuration for all routes } -- cgit 1.5.1