agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-05-26 02:30:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
784ebcbd574ac599fc88cddbc22da1ced928e5ff
overleaf-cep/services/web/app/src/Features/Security/RateLimiterMiddleware.js
Eric Mc Sween 75abea72b0 Merge pull request #11492 from overleaf/em-rate-limiter 
Move all remaining rate limiters to rate-limiter-flexible

GitOrigin-RevId: 163ab2aebecb281057e552dc75591dd02028990c
2023-01-31 09:03:44 +00:00

84 lines
2.1 KiB
JavaScript
Raw Blame History

const logger = require('@overleaf/logger')
const SessionManager = require('../Authentication/SessionManager')
const LoginRateLimiter = require('./LoginRateLimiter')
const settings = require('@overleaf/settings')
/**
* Return a rate limiting middleware
*
* Pass an array of opts.params to segment this based on parameters in the
* request URL, e.g.:
*
* app.get "/project/:project_id", RateLimiterMiddleware.rateLimit(
* rateLimiter, params: ["project_id"]
* )
*
* will rate limit each project_id separately.
*
* Unique clients are identified by user_id if logged in, and IP address if not.
*/
function rateLimit(rateLimiter, opts = {}) {
const getUserId =
opts.getUserId || (req => SessionManager.getLoggedInUserId(req.session))
return function (req, res, next) {
const userId = getUserId(req) || req.ip
if (
settings.smokeTest &&
settings.smokeTest.userId &&
settings.smokeTest.userId.toString() === userId.toString()
) {
// ignore smoke test user
return next()
}
let key
if (opts.ipOnly) {
key = req.ip
} else {
const params = (opts.params || []).map(p => req.params[p])
params.push(userId)
key = params.join(':')
}
rateLimiter
.consume(key)
.then(() => next())
.catch(err => {
if (err instanceof Error) {
next(err)
} else {
res.status(429) // Too many requests
res.write('Rate limit reached, please try again later')
res.end()
}
})
}
}
function loginRateLimit(req, res, next) {
const { email } = req.body
if (!email) {
return next()
}
LoginRateLimiter.processLoginRequest(email, (err, isAllowed) => {
if (err) {
return next(err)
}
if (isAllowed) {
next()
} else {
logger.warn({ email }, 'rate limit exceeded')
res.status(429) // Too many requests
res.write('Rate limit reached, please try again later')
res.end()
}
})
}
const RateLimiterMiddleware = {
rateLimit,
loginRateLimit,
}
module.exports = RateLimiterMiddleware
Reference in New Issue View Git Blame Copy Permalink