-
Notifications
You must be signed in to change notification settings - Fork 61
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* feat: add the new rate limit This rate limit will use the method, path and ip as a key, and will be route based rate limiter. Also, this rate limit will be in memory for now using a Map as the store. * chore: remove the commented code * refactor: minor changes * fix: create env vars to config for the rate limit * fix: fix the default options * chore: use arrow function * chore: use spread
- Loading branch information
Showing
6 changed files
with
112 additions
and
94 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -119,29 +119,31 @@ npx hemmelig --help | |
|
|
||
| ## Environment variables | ||
|
|
||
| | ENV vars | Description | Default | | ||
| | ------------------------------|:---------------------------------------------------------------------:| --------------------:| | ||
| | `SECRET_LOCAL_HOSTNAME` | The local hostname for the fastify instance | 0.0.0.0 | | ||
| | `SECRET_PORT` | The port number for the fastify instance | 3000 | | ||
| | `SECRET_HOST` | Used for i.e. set cors/cookies to your domain name | "" | | ||
| | `SECRET_MAX_TEXT_SIZE` | The max text size for the secret. Is set in kb. i.e. 256 for 256kb. | 256 | | ||
| | `SECRET_JWT_SECRET` | Override this for the secret signin JWT tokens for log in | good_luck_have_fun | | ||
| | `SECRET_ROOT_USER` | Override this for the root account username | groot | | ||
| | `SECRET_ROOT_PASSWORD` | This is the root password, override it with your own password | iamgroot | | ||
| | `SECRET_ROOT_EMAIL` | This is the root email, override it with your own email | [email protected] | | ||
| | `SECRET_FILE_SIZE` | Set the total allowed upload file size in mb. | 4 | | ||
| | `SECRET_FORCED_LANGUAGE` | Set the default language for the application. | en | | ||
| | `SECRET_UPLOAD_RESTRICTION` | Set the restriction for uploads to signed in users | "true" | | ||
| | `SECRET_DO_SPACES_ENDPOINT` | The Digital Ocean Spaces/AWS s3 endpoint | "" | | ||
| | `SECRET_DO_SPACES_KEY` | The Digital Ocean Spaces/AWS s3 key | "" | | ||
| | `SECRET_DO_SPACES_SECRET` | The Digital Ocean Spaces/AWS s3 secret | "" | | ||
| | `SECRET_DO_SPACES_BUCKET` | The Digital Ocean Spaces/AWS s3 bucket name | "" | | ||
| | `SECRET_DO_SPACES_FOLDER` | The Digital Ocean Spaces/AWS s3 folder for the uploaded files | "" | | ||
| | `SECRET_AWS_S3_REGION` | The Digital AWS s3 region | "" | | ||
| | `SECRET_AWS_S3_KEY` | The Digital AWS s3 key | "" | | ||
| | `SECRET_AWS_S3_SECRET` | The Digital AWS s3 secret | "" | | ||
| | `SECRET_AWS_S3_BUCKET` | The Digital AWS s3 bucket name | "" | | ||
| | `SECRET_AWS_S3_FOLDER` | The Digital AWS s3 folder for the uploaded files | "" | | ||
| | ENV vars | Description | Default | | ||
| | --------------------------------|:---------------------------------------------------------------------:| --------------------:| | ||
| | `SECRET_LOCAL_HOSTNAME` | The local hostname for the fastify instance | 0.0.0.0 | | ||
| | `SECRET_PORT` | The port number for the fastify instance | 3000 | | ||
| | `SECRET_HOST` | Used for i.e. set cors/cookies to your domain name | "" | | ||
| | `SECRET_MAX_TEXT_SIZE` | The max text size for the secret. Is set in kb. i.e. 256 for 256kb. | 256 | | ||
| | `SECRET_JWT_SECRET` | Override this for the secret signin JWT tokens for log in | good_luck_have_fun | | ||
| | `SECRET_ROOT_USER` | Override this for the root account username | groot | | ||
| | `SECRET_ROOT_PASSWORD` | This is the root password, override it with your own password | iamgroot | | ||
| | `SECRET_ROOT_EMAIL` | This is the root email, override it with your own email | [email protected] | | ||
| | `SECRET_FILE_SIZE` | Set the total allowed upload file size in mb. | 4 | | ||
| | `SECRET_FORCED_LANGUAGE` | Set the default language for the application. | en | | ||
| | `SECRET_UPLOAD_RESTRICTION` | Set the restriction for uploads to signed in users | "true" | | ||
| | `SECRET_RATE_LIMIT_MAX` | The maximum allowed requests each time frame | 1000 | | ||
| | `SECRET_RATE_LIMIT_TIME_WINDOW` | The time window for the requests before being rate limited in seconds | 60 | | ||
| | `SECRET_DO_SPACES_ENDPOINT` | The Digital Ocean Spaces/AWS s3 endpoint | "" | | ||
| | `SECRET_DO_SPACES_KEY` | The Digital Ocean Spaces/AWS s3 key | "" | | ||
| | `SECRET_DO_SPACES_SECRET` | The Digital Ocean Spaces/AWS s3 secret | "" | | ||
| | `SECRET_DO_SPACES_BUCKET` | The Digital Ocean Spaces/AWS s3 bucket name | "" | | ||
| | `SECRET_DO_SPACES_FOLDER` | The Digital Ocean Spaces/AWS s3 folder for the uploaded files | "" | | ||
| | `SECRET_AWS_S3_REGION` | The Digital AWS s3 region | "" | | ||
| | `SECRET_AWS_S3_KEY` | The Digital AWS s3 key | "" | | ||
| | `SECRET_AWS_S3_SECRET` | The Digital AWS s3 secret | "" | | ||
| | `SECRET_AWS_S3_BUCKET` | The Digital AWS s3 bucket name | "" | | ||
| | `SECRET_AWS_S3_FOLDER` | The Digital AWS s3 folder for the uploaded files | "" | | ||
|
|
||
| ## Supported languages | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| import fp from 'fastify-plugin'; | ||
| import getClientIp from '../helpers/client-ip.js'; | ||
|
|
||
| const store = new Map(); | ||
|
|
||
| const defaultOptions = { | ||
| prefix: '/', | ||
| max: 1000, // x requests | ||
| timeWindow: 60 * 1000, // 1 minute | ||
| }; | ||
|
|
||
| // Consider to extract this functionality to a separate plugin, | ||
| // and publish it on NPM | ||
| // Refactor the code into a class | ||
| // and make a redis adapter for it | ||
| export default fp((fastify, options = {}, done) => { | ||
| const settings = { ...defaultOptions, ...options }; | ||
|
|
||
| fastify.decorate('rateLimit', async (req, res) => { | ||
| if (!req.url.startsWith(settings.prefix)) { | ||
| done(); | ||
| } | ||
|
|
||
| const ip = getClientIp(req.headers); | ||
| const key = `${req.method}${req.url}${ip}`; | ||
|
|
||
| const currentTime = Date.now(); | ||
|
|
||
| if (!store.has(key) || currentTime > store.get(key)?.reset) { | ||
| store.set(key, { | ||
| count: 0, | ||
| reset: currentTime + settings.timeWindow, | ||
| }); | ||
| } | ||
|
|
||
| const current = store.get(key); | ||
| current.count += 1; | ||
|
|
||
| const resetTime = Math.floor((current.reset - currentTime) / 1000); | ||
|
|
||
| if (current.count > settings.max && currentTime <= current.reset) { | ||
| res.header('X-RateLimit-Reset', resetTime); | ||
|
|
||
| return res.code(429).send({ message: 'Too many requests, please try again later.' }); | ||
| } | ||
|
|
||
| res.header('X-RateLimit-Limit', settings.max); | ||
| res.header('X-RateLimit-Remaining', settings.max - current.count); | ||
| res.header('X-RateLimit-Reset', resetTime); | ||
| }); | ||
|
|
||
| fastify.addHook('onRequest', fastify.rateLimit); | ||
| done(); | ||
| }); |