add api rate limiting based on client_ip url param

GitOrigin-RevId: 2fffcce053d5bf452508774b555959610db9a2c7
This commit is contained in:
Ersun Warncke 2019-11-20 16:28:42 -04:00 committed by sharelatex
parent 9af55a11f7
commit 77b7b03ead
2 changed files with 25 additions and 42 deletions

View file

@ -1,34 +1,30 @@
/* eslint-disable
max-len,
*/
// TODO: This file was created by bulk-decaffeinate.
// Fix any style issues and re-enable lint.
/*
* decaffeinate suggestions:
* DS102: Remove unnecessary code created because of implicit returns
* DS207: Consider shorter variations of null checks
* Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
*/
const RateLimiter = require('../../infrastructure/RateLimiter')
const { promisifyAll } = require('../../util/promises')
const ONE_MIN = 60
const ATTEMPT_LIMIT = 10
module.exports = {
processLoginRequest(email, callback) {
const opts = {
endpointName: 'login',
throttle: ATTEMPT_LIMIT,
timeInterval: ONE_MIN * 2,
subjectName: email
}
RateLimiter.addCount(opts, (err, shouldAllow) => callback(err, shouldAllow))
},
recordSuccessfulLogin(email, callback) {
if (callback == null) {
callback = function() {}
}
RateLimiter.clearRateLimit('login', email, callback)
function processLoginRequest(email, callback) {
const opts = {
endpointName: 'login',
throttle: ATTEMPT_LIMIT,
timeInterval: ONE_MIN * 2,
subjectName: email
}
RateLimiter.addCount(opts, (err, shouldAllow) => callback(err, shouldAllow))
}
function recordSuccessfulLogin(email, callback) {
if (callback == null) {
callback = function() {}
}
RateLimiter.clearRateLimit('login', email, callback)
}
const LoginRateLimiter = {
processLoginRequest,
recordSuccessfulLogin
}
LoginRateLimiter.promises = promisifyAll(LoginRateLimiter)
module.exports = LoginRateLimiter

View file

@ -1,16 +1,3 @@
/* eslint-disable
handle-callback-err,
max-len,
no-unused-vars,
*/
// TODO: This file was created by bulk-decaffeinate.
// Fix any style issues and re-enable lint.
/*
* decaffeinate suggestions:
* DS102: Remove unnecessary code created because of implicit returns
* DS207: Consider shorter variations of null checks
* Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
*/
const settings = require('settings-sharelatex')
const Metrics = require('metrics-sharelatex')
const RedisWrapper = require('./RedisWrapper')
@ -24,7 +11,7 @@ const RateLimiter = {
return callback(null, true)
}
if (callback == null) {
callback = function(err, shouldProcess) {}
callback = function() {}
}
const namespace = `RateLimit:${opts.endpointName}:`
const k = `{${opts.subjectName}}`
@ -35,7 +22,7 @@ const RateLimiter = {
maxInInterval: opts.throttle
})
limiter(k, function(err, timeLeft, actionsLeft) {
if (err != null) {
if (err) {
return callback(err)
}
const allowed = timeLeft === 0