2015-02-04 15:05:26 +00:00
|
|
|
RateLimiter = require "../../infrastructure/RateLimiter"
|
2015-02-05 09:52:40 +00:00
|
|
|
logger = require "logger-sharelatex"
|
2015-02-04 15:05:26 +00:00
|
|
|
|
|
|
|
module.exports = RateLimiterMiddlewear =
|
|
|
|
###
|
|
|
|
Do not allow more than opts.maxRequests from a single client in
|
|
|
|
opts.timeInterval. Pass an array of opts.params to segment this based on
|
|
|
|
parameters in the request URL, e.g.:
|
|
|
|
|
|
|
|
app.get "/project/:project_id", RateLimiterMiddlewear.rateLimit(endpointName: "open-editor", params: ["project_id"])
|
|
|
|
|
|
|
|
will rate limit each project_id separately.
|
|
|
|
|
|
|
|
Unique clients are identified by user_id if logged in, and IP address if not.
|
|
|
|
###
|
|
|
|
rateLimit: (opts) ->
|
|
|
|
return (req, res, next) ->
|
2016-02-02 12:31:54 +00:00
|
|
|
if req.session?.user?
|
2015-02-04 15:05:26 +00:00
|
|
|
user_id = req.session.user._id
|
|
|
|
else
|
|
|
|
user_id = req.ip
|
|
|
|
params = (opts.params or []).map (p) -> req.params[p]
|
|
|
|
params.push user_id
|
|
|
|
if !opts.endpointName?
|
|
|
|
throw new Error("no endpointName provided")
|
2015-02-05 09:52:40 +00:00
|
|
|
options = {
|
2015-02-04 15:05:26 +00:00
|
|
|
endpointName: opts.endpointName
|
|
|
|
timeInterval: opts.timeInterval or 60
|
|
|
|
subjectName: params.join(":")
|
|
|
|
throttle: opts.maxRequests or 6
|
2015-02-05 09:52:40 +00:00
|
|
|
}
|
|
|
|
RateLimiter.addCount options, (error, canContinue)->
|
2015-02-04 15:05:26 +00:00
|
|
|
return next(error) if error?
|
|
|
|
if canContinue
|
|
|
|
next()
|
|
|
|
else
|
2015-02-05 09:52:40 +00:00
|
|
|
logger.warn options, "rate limit exceeded"
|
2015-02-04 15:05:26 +00:00
|
|
|
res.status(429) # Too many requests
|
|
|
|
res.write("Rate limit reached, please try again later")
|
|
|
|
res.end()
|