add api rate limiting based on client_ip url param

GitOrigin-RevId: 2fffcce053d5bf452508774b555959610db9a2c7
2024-11-07 20:31:06 -05:00 · 2019-11-20 16:28:42 -04:00 · 2019-11-20 16:28:42 -04:00 · 77b7b03ead
commit 77b7b03ead
parent 9af55a11f7
2 changed files with 25 additions and 42 deletions
--- a/services/web/app/src/Features/Security/LoginRateLimiter.js
+++ b/services/web/app/src/Features/Security/LoginRateLimiter.js
@ -1,34 +1,30 @@
-/* eslint-disable
-    max-len,
-*/
-// TODO: This file was created by bulk-decaffeinate.
-// Fix any style issues and re-enable lint.
-/*
- * decaffeinate suggestions:
- * DS102: Remove unnecessary code created because of implicit returns
- * DS207: Consider shorter variations of null checks
- * Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
- */
 const RateLimiter = require('../../infrastructure/RateLimiter')
+const { promisifyAll } = require('../../util/promises')

 const ONE_MIN = 60
 const ATTEMPT_LIMIT = 10

-module.exports = {
-  processLoginRequest(email, callback) {
-    const opts = {
-      endpointName: 'login',
-      throttle: ATTEMPT_LIMIT,
-      timeInterval: ONE_MIN * 2,
-      subjectName: email
-    }
-    RateLimiter.addCount(opts, (err, shouldAllow) => callback(err, shouldAllow))
-  },
-
-  recordSuccessfulLogin(email, callback) {
-    if (callback == null) {
-      callback = function() {}
-    }
-    RateLimiter.clearRateLimit('login', email, callback)
+function processLoginRequest(email, callback) {
+  const opts = {
+    endpointName: 'login',
+    throttle: ATTEMPT_LIMIT,
+    timeInterval: ONE_MIN * 2,
+    subjectName: email
  }
+  RateLimiter.addCount(opts, (err, shouldAllow) => callback(err, shouldAllow))
 }
+
+function recordSuccessfulLogin(email, callback) {
+  if (callback == null) {
+    callback = function() {}
+  }
+  RateLimiter.clearRateLimit('login', email, callback)
+}
+
+const LoginRateLimiter = {
+  processLoginRequest,
+  recordSuccessfulLogin
+}
+LoginRateLimiter.promises = promisifyAll(LoginRateLimiter)
+
+module.exports = LoginRateLimiter
--- a/services/web/app/src/infrastructure/RateLimiter.js
+++ b/services/web/app/src/infrastructure/RateLimiter.js
@ -1,16 +1,3 @@
-/* eslint-disable
-    handle-callback-err,
-    max-len,
-    no-unused-vars,
-*/
-// TODO: This file was created by bulk-decaffeinate.
-// Fix any style issues and re-enable lint.
-/*
- * decaffeinate suggestions:
- * DS102: Remove unnecessary code created because of implicit returns
- * DS207: Consider shorter variations of null checks
- * Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
- */
 const settings = require('settings-sharelatex')
 const Metrics = require('metrics-sharelatex')
 const RedisWrapper = require('./RedisWrapper')
@ -24,7 +11,7 @@ const RateLimiter = {
      return callback(null, true)
    }
    if (callback == null) {
-      callback = function(err, shouldProcess) {}
+      callback = function() {}
    }
    const namespace = `RateLimit:${opts.endpointName}:`
    const k = `{${opts.subjectName}}`
@ -35,7 +22,7 @@ const RateLimiter = {
      maxInInterval: opts.throttle
    })
    limiter(k, function(err, timeLeft, actionsLeft) {
-      if (err != null) {
+      if (err) {
        return callback(err)
      }
      const allowed = timeLeft === 0