
Commit 7fbbb21

Improve Provisioning API rate limiting (#458)
* Update express-rate-limit * Fix rate limiting config and use standard headers * Tweak default rate limit * Add changelog * Add retry_after_ms to error content
1 parent 909785e commit 7fbbb21


4 files changed

+22
-14
lines changed


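--- a/changelog.d/458.misc
+++ b/changelog.d/458.misc
@@ -0,0 +1 @@
+Improve Provisioning API rate limiting and fix response headers.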

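--- a/package.json
+++ b/package.json
@@ -35,7 +35,7 @@
   "axios": "^0.27.2",
   "chalk": "^4.1.0",
   "express": "^4.18.1",
-  "express-rate-limit": "^6.2.0",
+  "express-rate-limit": "^6.7.0",
   "extend": "^3.0.2",
   "ip-cidr": "^3.0.4",
   "is-my-json-valid": "^2.20.5",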

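--- a/src/provisioning/api.ts
+++ b/src/provisioning/api.ts
@@ -9,7 +9,7 @@ import { MatrixHostResolver } from "../utils/matrix-host-resolver";
 import IPCIDR from "ip-cidr";
 import { isIP } from "net";
 import { promises as dns } from "dns";
-import ratelimiter, { RateLimitInfo, Options as RatelimitOptions, AugmentedRequest } from "express-rate-limit";
+import ratelimiter, { Options as RatelimitOptions } from "express-rate-limit";
 import { Methods } from "./request";
 import { Logger } from "..";
 
@@ -109,7 +109,7 @@ export interface ProvisioningApiOpts {
      * Options for ratelimiting requests to the api server. Does not affect
      * static content loading.
      */
-    ratelimit?: boolean|RatelimitOptions;
+    ratelimit?: boolean|Partial<RatelimitOptions>;
 }
 
 
@@ -145,14 +145,21 @@ export class ProvisioningApi {
         this.app.get('/health', this.getHealth.bind(this));
 
         const limiter = this.opts.ratelimit && ratelimiter({
-            handler: (req, _res, next) => {
-                const info = (req as AugmentedRequest).ratelimit as RateLimitInfo;
-                const retryAfterMs = info?.resetTime ? info.resetTime.getTime() - Date.now() : null;
-                next(new ApiError("Too many requests", ErrCode.Ratelimited, 429, { retry_after_ms: retryAfterMs }));
+            handler: (req, _res, next, options) => {
+                next(new ApiError(
+                    "Too many requests",
+                    ErrCode.Ratelimited,
+                    429,
+                    {
+                        retry_after_ms: options.windowMs,
+                    }
+                ));
             },
-            windowMs: 6 * 60 * 1000, // 5 minutes
-            max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
-            ...(typeof this.opts.ratelimit === "object" ? this.opts.ratelimit : undefined)
+            windowMs: 1 * 60 * 1000, // 1 minute
+            max: 30, // Limit per window
+            standardHeaders: true,
+            legacyHeaders: false,
+            ...(typeof this.opts.ratelimit === "object" ? this.opts.ratelimit : {})
         });
 
         this.baseRoute = router();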
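Review bot: `retry_after_ms: options.windowMs` in the new handler reports the full window length rather than the time left until this client's counter resets, so a client that honours the field backs off for up to a whole window even when its reset is seconds away; the removed code tried to derive the remaining time from `resetTime` but read `.ratelimit` (lowercase), which is presumably why it always yielded null. express-rate-limit v6 attaches the computed info to the request as `req.rateLimit`, with a `resetTime` Date, so the handler could use that and keep `options.windowMs` only as the fallback: `const resetTime = (req as AugmentedRequest).rateLimit?.resetTime;` / `retry_after_ms: resetTime ? Math.max(0, resetTime.getTime() - Date.now()) : options.windowMs,` (re-importing `AugmentedRequest`, which the first hunk drops). Either way, a short comment on the field stating whether `retry_after_ms` is an upper bound or the exact remaining time would help API clients, and the same figure should agree with the `RateLimit-Reset` header that `standardHeaders: true` now emits. The constructor enclosing this hunk starts before and ends after it.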

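--- a/yarn.lock
+++ b/yarn.lock
@@ -1308,10 +1308,10 @@ eventemitter3@^4.0.4:
   resolved "https://registry.yarnpkg.com/eventemitter3/-/eventemitter3-4.0.7.tgz#2de9b68f6528d5644ef5c59526a1b4a07306169f"
   integrity sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw==
 
-express-rate-limit@^6.2.0:
-  version "6.4.0"
-  resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-6.4.0.tgz#b7066afe21157a012ed2b7c9adde386e712485cd"
-  integrity sha512-lxQRZI4gi3qAWTf0/Uqsyugsz57h8bd7QyllXBgJvd6DJKokzW7C5DTaNvwzvAQzwHGFaItybfYGhC8gpu0V2A==
+express-rate-limit@^6.7.0:
+  version "6.7.0"
+  resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-6.7.0.tgz#6aa8a1bd63dfe79702267b3af1161a93afc1d3c2"
+  integrity sha512-vhwIdRoqcYB/72TK3tRZI+0ttS8Ytrk24GfmsxDXK9o9IhHNO5bXRiXQSExPQ4GbaE5tvIS7j1SGrxsuWs+sGA==
 
 express@^4.17.1, express@^4.18.1:
   version "4.18.1"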
