Rate limit on product tree

Adhidarma Hadiwinoto
1 parent d4e968beab
Showing 1 changed file with 23 additions and 3 deletions Side-by-side Diff
lib/partner-listener/routers/product-tree.js
 const MODULE_NAME = 'PARTNER-LISTENER.ROUTERS.PRODUCT-TREE';
  
+const RATE_LIMIT_MESSAGE = 'Rate limited. Cobalah satu menit lagi!\n';
+const RATE_LIMIT_MAX = 2;
+const RATE_LIMIT_WINDOW_MS = 60 * 1000;
+
 const axios = require('axios').default;
 const express = require('express');
 const urlJoin = require('join-path');
+const expressRateLimit = require('express-rate-limit');
  
 const coreUrl = require('komodo-sdk/core-url');
 const logger = require('tektrans-logger');
@@ -15,11 +20,26 @@ const CORE_ENDPOINT = urlJoin(coreUrl, &#39;/product-tree&#39;);
 const router = express.Router();
 module.exports = router;
  
+const rateLimit = expressRateLimit({
+    windowMs: RATE_LIMIT_WINDOW_MS,
+    max: RATE_LIMIT_MAX,
+    message: RATE_LIMIT_MESSAGE,
+    keyGenerator: (req, res) => res.locals && res.locals.terminalName,
+    // handler: (req, res, next, opts) => {
+    //     onRateLimited(req, res, 'ip', opts);
+    // },
+});
+
+const extractTerminalName = (req, res, next) => {
+    const terminalNameWithoutIp = (getFromBodyQsParams(req, 'terminal_name') || '').toString().trim();
+    res.locals.terminalName = `${terminalNameWithoutIp}@${ipv6ToIpv4(req.ip)}`;
+    next();
+};
+
 const mainHandler = async (req, res) => {
     const { xid } = res.locals;
  
-    const terminalNameWithoutIp = (getFromBodyQsParams(req, 'terminal_name') || '').toString().trim();
-    const terminalName = `${terminalNameWithoutIp}@${ipv6ToIpv4(req.ip)}`;
+    const { terminalName } = res.locals;
     const password = getFromBodyQsParams(req, 'password');
  
     try {
@@ -52,4 +72,4 @@ const mainHandler = async (req, res) =&gt; {
     }
 };
  
-router.get('/', mainHandler);
+router.get('/', extractTerminalName, rateLimit, mainHandler);
1	1	const MODULE_NAME = 'PARTNER-LISTENER.ROUTERS.PRODUCT-TREE';
2	2
	3	+const RATE_LIMIT_MESSAGE = 'Rate limited. Cobalah satu menit lagi!\n';
	4	+const RATE_LIMIT_MAX = 2;
	5	+const RATE_LIMIT_WINDOW_MS = 60 * 1000;
	6	+
3	7	const axios = require('axios').default;
4	8	const express = require('express');
5	9	const urlJoin = require('join-path');
	10	+const expressRateLimit = require('express-rate-limit');
6	11
7	12	const coreUrl = require('komodo-sdk/core-url');
8	13	const logger = require('tektrans-logger');
...	...	@@ -15,11 +20,26 @@ const CORE_ENDPOINT = urlJoin(coreUrl, '/product-tree');
15	20	const router = express.Router();
16	21	module.exports = router;
17	22
	23	+const rateLimit = expressRateLimit({
	24	+ windowMs: RATE_LIMIT_WINDOW_MS,
	25	+ max: RATE_LIMIT_MAX,
	26	+ message: RATE_LIMIT_MESSAGE,
	27	+ keyGenerator: (req, res) => res.locals && res.locals.terminalName,
	28	+ // handler: (req, res, next, opts) => {
	29	+ // onRateLimited(req, res, 'ip', opts);
	30	+ // },
	31	+});
	32	+
	33	+const extractTerminalName = (req, res, next) => {
	34	+ const terminalNameWithoutIp = (getFromBodyQsParams(req, 'terminal_name') \|\| '').toString().trim();
	35	+ res.locals.terminalName = `${terminalNameWithoutIp}@${ipv6ToIpv4(req.ip)}`;
	36	+ next();
	37	+};
	38	+
18	39	const mainHandler = async (req, res) => {
19	40	const { xid } = res.locals;
20	41
21		- const terminalNameWithoutIp = (getFromBodyQsParams(req, 'terminal_name') \|\| '').toString().trim();
22		- const terminalName = `${terminalNameWithoutIp}@${ipv6ToIpv4(req.ip)}`;
	42	+ const { terminalName } = res.locals;
23	43	const password = getFromBodyQsParams(req, 'password');
24	44
25	45	try {
...	...	@@ -52,4 +72,4 @@ const mainHandler = async (req, res) => {
52	72	}
53	73	};
54	74
55		-router.get('/', mainHandler);
	75	+router.get('/', extractTerminalName, rateLimit, mainHandler);