Commit d4e968beabcc08091c1bb2d56a74369f7a0f2f3d

Authored by Adhidarma Hadiwinoto
1 parent 5ea032d895
Exists in master and in 1 other branch dev

rate limit on product price

Showing 3 changed files with 42 additions and 3 deletions

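--- a/lib/partner-listener/routers/product-price.js
+++ b/lib/partner-listener/routers/product-price.js
@@ -1,8 +1,13 @@
 const MODULE_NAME = 'PARTNER-LISTENER.ROUTERS.PRODUCT-PRICE';
 
+const RATE_LIMIT_MESSAGE = 'Rate limited. Cobalah satu menit lagi!\n';
+const RATE_LIMIT_MAX = 2;
+const RATE_LIMIT_WINDOW_MS = 60 * 1000;
+
 const axios = require('axios').default;
 const express = require('express');
 const urlJoin = require('join-path');
+const expressRateLimit = require('express-rate-limit');
 
 const coreUrl = require('komodo-sdk/core-url');
 const logger = require('tektrans-logger');
@@ -16,6 +21,16 @@ const CORE_ENDPOINT = urlJoin(coreUrl, '/product-tree');
 const router = express.Router();
 module.exports = router;
 
+const rateLimit = expressRateLimit({
+ windowMs: RATE_LIMIT_WINDOW_MS,
+ max: RATE_LIMIT_MAX,
+ message: RATE_LIMIT_MESSAGE,
+ keyGenerator: (req, res) => res.locals && res.locals.terminalName,
+ // handler: (req, res, next, opts) => {
+ // onRateLimited(req, res, 'ip', opts);
+ // },
+});
+
 const traverse = (data, productType) => {
 const products = [];
 
@@ -47,11 +62,16 @@ const traverse = (data, productType) => {
 return products;
 };
 
+const extractTerminalName = (req, res, next) => {
+ const terminalNameWithoutIp = (getFromBodyQsParams(req, 'terminal_name') || '').toString().trim();
+ res.locals.terminalName = `${terminalNameWithoutIp}@${ipv6ToIpv4(req.ip)}`;
+ next();
+};
+
 const mainHandler = async (req, res) => {
 const { xid } = res.locals;
 
- const terminalNameWithoutIp = (getFromBodyQsParams(req, 'terminal_name') || '').toString().trim();
- const terminalName = `${terminalNameWithoutIp}@${ipv6ToIpv4(req.ip)}`;
+ const { terminalName } = res.locals;
 const password = getFromBodyQsParams(req, 'password');
 
 try {
@@ -96,4 +116,4 @@ const mainHandler = async (req, res) => {
 }
 };
 
-router.get('/', mainHandler);
+router.get('/', extractTerminalName, rateLimit, mainHandler);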
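Review bot: The limiter key, `res.locals.terminalName`, is built in `extractTerminalName` from the caller-supplied `terminal_name` plus the IP, so a client that sends a different `terminal_name` on each request gets a fresh bucket and is never held to the 2-per-minute limit. `rateLimit` also runs before `mainHandler` reads `password`, so the name is presumably still unauthenticated when it is used as the key. Keying on the address alone, `keyGenerator: (req) => ipv6ToIpv4(req.ip),`, or placing a second IP-only limiter in front of this one, would bound the request rate regardless of the name sent. `req.ip` is only reliable if Express's `trust proxy` setting matches the deployment, which is not visible here. The commented-out `handler` lines inside the options object should be removed or implemented; `mainHandler`'s body continues outside the hunk.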
... ... @@ -11,6 +11,7 @@
11 11 "dependencies": {
12 12 "axios": "^0.19.2",
13 13 "express": "^4.17.1",
  14 + "express-rate-limit": "^6.6.0",
14 15 "join-path": "^1.1.1",
15 16 "komodo-sdk": "^1.45.6",
16 17 "mkdirp": "^1.0.4",
... ... @@ -1173,6 +1174,17 @@
1173 1174 "node": ">= 0.10.0"
1174 1175 }
1175 1176 },
  1177 + "node_modules/express-rate-limit": {
  1178 + "version": "6.6.0",
  1179 + "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.6.0.tgz",
  1180 + "integrity": "sha512-HFN2+4ZGdkQOS8Qli4z6knmJFnw6lZed67o6b7RGplWeb1Z0s8VXaj3dUgPIdm9hrhZXTRpCTHXA0/2Eqex0vA==",
  1181 + "engines": {
  1182 + "node": ">= 12.9.0"
  1183 + },
  1184 + "peerDependencies": {
  1185 + "express": "^4 || ^5"
  1186 + }
  1187 + },
1176 1188 "node_modules/express-session": {
1177 1189 "version": "1.17.2",
1178 1190 "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.17.2.tgz",
... ... @@ -5600,6 +5612,12 @@
5600 5612 }
5601 5613 }
5602 5614 },
  5615 + "express-rate-limit": {
  5616 + "version": "6.6.0",
  5617 + "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.6.0.tgz",
  5618 + "integrity": "sha512-HFN2+4ZGdkQOS8Qli4z6knmJFnw6lZed67o6b7RGplWeb1Z0s8VXaj3dUgPIdm9hrhZXTRpCTHXA0/2Eqex0vA==",
  5619 + "requires": {}
  5620 + },
5603 5621 "express-session": {
5604 5622 "version": "1.17.2",
5605 5623 "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.17.2.tgz",
... ... @@ -31,6 +31,7 @@
31 31 "dependencies": {
32 32 "axios": "^0.19.2",
33 33 "express": "^4.17.1",
  34 + "express-rate-limit": "^6.6.0",
34 35 "join-path": "^1.1.1",
35 36 "komodo-sdk": "^1.45.6",
36 37 "mkdirp": "^1.0.4",