add hour rate limiter middleware to the api router and allows max 600 requests per hour

Hongbo Wu
2024-07-24 16:24:49 +08:00
parent 6776cdf1cd
commit dee421d3c8
2 changed files with 23 additions and 3 deletions


@ -46,7 +46,7 @@ import { analytics } from './utils/analytics'
import { corsConfig } from './utils/corsConfig'
import { getClientFromUserAgent } from './utils/helpers'
import { buildLogger, buildLoggerTransport, logger } from './utils/logger'
import { apiLimiter, authLimiter } from './utils/rate_limit'
import { apiHourLimiter, apiLimiter, authLimiter } from './utils/rate_limit'
import { shortcutsRouter } from './routers/shortcuts_router'
const PORT = process.env.PORT || 4000
@ -68,7 +68,7 @@ export const createApp = (): Express => {
app.set('trust proxy', env.server.trustProxy)
// Apply the rate limiting middleware to API calls only
app.use('/api/', apiLimiter)
app.use('/api/', apiLimiter, apiHourLimiter)
// set client info in the request context
app.use(httpContext.middleware)


@ -27,7 +27,7 @@ const configs: Partial<Options> = {
export const apiLimiter = rateLimit({
...configs,
max: async (req) => {
// 100 RPM for an authenticated request, 15 for a non-authenticated request
// 60 RPM for authenticated request, 15 for non-authenticated request
const token = getTokenByRequest(req)
try {
const claims = await getClaimsByToken(token)
@ -43,6 +43,26 @@ export const apiLimiter = rateLimit({
store: getStore('api-rate-limit'),
})
export const apiHourLimiter = rateLimit({
...configs,
windowMs: 60 * 60 * 1000, // 1 hour
max: async (req) => {
// 600 for authenticated request, 150 for non-authenticated request
const token = getTokenByRequest(req)
try {
const claims = await getClaimsByToken(token)
return claims ? 600 : 150
} catch (e) {
console.log('non-authenticated request')
return 150
}
},
keyGenerator: (req) => {
return getTokenByRequest(req) || req.ip
},
store: getStore('api-hour-rate-limit'),
})
// 5 RPM for auth requests
export const authLimiter = rateLimit({
...configs,
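Review bot: The `keyGenerator` of `apiHourLimiter` buckets on `getTokenByRequest(req) || req.ip`, which is whatever token string the request carries, and nothing has verified that string at that point. `max` does call `getClaimsByToken`, but only to pick 600 or 150, so every distinct unverifiable token value gets its own 150-request bucket and the per-address limit for unauthenticated traffic is not enforced when the value varies. Raw token strings also become keys in the `api-hour-rate-limit` store. Key on the verified identity instead: resolve the claims inside `keyGenerator` and fall back to the address when they are absent or the lookup throws, e.g. `return claims ? token : req.ip`, or preferably a stable user identifier from the claims if they carry one (their shape is not visible here). `apiLimiter`'s key generator lies outside this hunk and should be checked for the same pattern.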