File size: 1,710 Bytes
9705b6c |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 |
const rateLimit = require('express-rate-limit');
const { logViolation } = require('../../cache');
const denyRequest = require('./denyRequest');
const {
MESSAGE_IP_MAX = 40,
MESSAGE_IP_WINDOW = 1,
MESSAGE_USER_MAX = 40,
MESSAGE_USER_WINDOW = 1,
} = process.env;
const ipWindowMs = MESSAGE_IP_WINDOW * 60 * 1000;
const ipMax = MESSAGE_IP_MAX;
const ipWindowInMinutes = ipWindowMs / 60000;
const userWindowMs = MESSAGE_USER_WINDOW * 60 * 1000;
const userMax = MESSAGE_USER_MAX;
const userWindowInMinutes = userWindowMs / 60000;
/**
* Creates either an IP/User message request rate limiter for excessive requests
* that properly logs and denies the violation.
*
* @param {boolean} [ip=true] - Whether to create an IP limiter or a user limiter.
* @returns {function} A rate limiter function.
*
*/
const createHandler = (ip = true) => {
return async (req, res) => {
const type = 'message_limit';
const errorMessage = {
type,
max: ip ? ipMax : userMax,
limiter: ip ? 'ip' : 'user',
windowInMinutes: ip ? ipWindowInMinutes : userWindowInMinutes,
};
await logViolation(req, res, type, errorMessage);
return await denyRequest(req, res, errorMessage);
};
};
/**
* Message request rate limiter by IP
*/
const messageIpLimiter = rateLimit({
windowMs: ipWindowMs,
max: ipMax,
handler: createHandler(),
});
/**
* Message request rate limiter by userId
*/
const messageUserLimiter = rateLimit({
windowMs: userWindowMs,
max: userMax,
handler: createHandler(false),
keyGenerator: function (req) {
return req.user?.id; // Use the user ID or NULL if not available
},
});
module.exports = {
messageIpLimiter,
messageUserLimiter,
};
|