add rate limit #91

sodazone · Jun 17, 2024 · df68e6e · df68e6e
1 parent e11f4cf
commit df68e6e
Show file tree

Hide file tree

Showing 7 changed files with 74 additions and 3 deletions.
diff --git a/packages/server/package.json b/packages/server/package.json
@@ -73,6 +73,7 @@
   "dependencies": {
     "@fastify/cors": "^9.0.1",
     "@fastify/jwt": "^8.0.1",
+    "@fastify/rate-limit": "^9.1.0",
     "@fastify/swagger": "^8.14.0",
     "@fastify/swagger-ui": "^4.0.0",
     "@fastify/websocket": "^10.0.1",

diff --git a/packages/server/src/environment.ts b/packages/server/src/environment.ts
@@ -1,6 +1,12 @@
 /* istanbul ignore next */
 export const environment = process.env.NODE_ENV || 'development'
 
+const NON_PROD = ['test', 'development']
+
+export function isNonProdEnv(envName: string): boolean {
+  return NON_PROD.includes(envName)
+}
+
 const envToLogger: Record<string, any> = {
   development: {
     transport: {

diff --git a/packages/server/src/server.ts b/packages/server/src/server.ts
@@ -20,6 +20,7 @@ import {
   Configuration,
   Connector,
   Ingress,
+  Limit,
   Persistence,
   Root,
   Subscriptions,
@@ -151,6 +152,7 @@ export async function createServer(opts: ServerOptions) {
     await server.register(FastifyCors, corsOpts)
   }
 
+  await server.register(Limit)
   await server.register(Auth)
   await server.register(Root)
 

diff --git a/packages/server/src/services/index.ts b/packages/server/src/services/index.ts
@@ -3,6 +3,7 @@ import Agents from './agents/plugin.js'
 import Auth from './auth.js'
 import Configuration from './config.js'
 import Ingress from './ingress/consumer/plugin.js'
+import Limit from './limit.js'
 import Connector from './networking/plugin.js'
 import Persistence from './persistence/plugin.js'
 import Root from './root.js'
@@ -11,4 +12,16 @@ import Telemetry from './telemetry/plugin.js'
 
 export * from './types.js'
 
-export { Root, Auth, Administration, Persistence, Connector, Configuration, Agents, Subscriptions, Telemetry, Ingress }
+export {
+  Root,
+  Limit,
+  Auth,
+  Administration,
+  Persistence,
+  Connector,
+  Configuration,
+  Agents,
+  Subscriptions,
+  Telemetry,
+  Ingress,
+}
diff --git a/packages/server/src/services/ingress/server/server.ts b/packages/server/src/services/ingress/server/server.ts
@@ -69,8 +69,8 @@ export async function createIngressServer(opts: ServerOptions) {
     exposeUptime: true,
   })
 
-  await server.register(Root)
   await server.register(Auth)
+  await server.register(Root)
   await server.register(Configuration, opts)
   await server.register(Connector)
   await server.register(Persistence, opts)

diff --git a/packages/server/src/services/limit.ts b/packages/server/src/services/limit.ts
@@ -0,0 +1,37 @@
+import { FastifyPluginAsync } from 'fastify'
+import fp from 'fastify-plugin'
+
+import rateLimit from '@fastify/rate-limit'
+
+import { environment, isNonProdEnv } from '../environment.js'
+
+const limitPlugin: FastifyPluginAsync = async (fastify) => {
+  if (isNonProdEnv(environment)) {
+    fastify.log.warn('(!) Rate limits are disabled [%s]', environment)
+
+    return
+  }
+
+  // TODO: make it configurable
+  await fastify.register(rateLimit, {
+    global: true,
+    max: 2,
+    timeWindow: 1000,
+    hook: 'preHandler',
+    /*keyGenerator: function (request) {
+      return request.headers['x-real-ip'] // nginx
+      || request.headers['x-client-ip'] // apache
+      || request.ip*/
+  })
+
+  fastify.setNotFoundHandler(
+    {
+      preHandler: fastify.rateLimit(),
+    },
+    function (_, reply) {
+      reply.code(404).send()
+    }
+  )
+}
+
+export default fp(limitPlugin)
diff --git a/yarn.lock b/yarn.lock
@@ -1158,6 +1158,17 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@fastify/rate-limit@npm:^9.1.0":
+  version: 9.1.0
+  resolution: "@fastify/rate-limit@npm:9.1.0"
+  dependencies:
+    "@lukeed/ms": "npm:^2.0.1"
+    fastify-plugin: "npm:^4.0.0"
+    toad-cache: "npm:^3.3.1"
+  checksum: 10c0/55914e4af5d93fff29e94ad4e3f369a371a3e7b97e501e796167dd49115c5d8dfa94aec8ec78ffcdb058268465b072a0892880523774b7b90a27a8ff304fea82
+  languageName: node
+  linkType: hard
+
 "@fastify/send@npm:^2.0.0":
   version: 2.1.0
   resolution: "@fastify/send@npm:2.1.0"
@@ -2528,6 +2539,7 @@ __metadata:
     "@biomejs/biome": "npm:1.8.1"
     "@fastify/cors": "npm:^9.0.1"
     "@fastify/jwt": "npm:^8.0.1"
+    "@fastify/rate-limit": "npm:^9.1.0"
     "@fastify/swagger": "npm:^8.14.0"
     "@fastify/swagger-ui": "npm:^4.0.0"
     "@fastify/websocket": "npm:^10.0.1"
@@ -7961,7 +7973,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"toad-cache@npm:^3.3.0":
+"toad-cache@npm:^3.3.0, toad-cache@npm:^3.3.1":
   version: 3.7.0
   resolution: "toad-cache@npm:3.7.0"
   checksum: 10c0/7dae2782ee20b22c9798bb8b71dec7ec6a0091021d2ea9dd6e8afccab6b65b358fdba49a02209fac574499702e2c000660721516c87c2538d1b2c0ba03e8c0c3