CartoDB-SQL-API/app/middlewares/rate-limit.js

'use strict';

const RATE_LIMIT_ENDPOINTS_GROUPS = {
    QUERY: 'query',
    QUERY_FORMAT: 'query_format',
    JOB_CREATE: 'job_create',
    JOB_GET: 'job_get',
    JOB_DELETE: 'job_delete'
};


function rateLimit(userLimits, endpointGroup = null) {
    if (!isRateLimitEnabled(endpointGroup)) {
        return function rateLimitDisabledMiddleware(req, res, next) { next(); };
    }

    return function rateLimitMiddleware(req, res, next) {
        userLimits.getRateLimit(res.locals.user, endpointGroup, function(err, userRateLimit) {
            if (err) {
                return next(err);
            }
    
            if (!userRateLimit) {
                return next();
            }
    
            const [isBlocked, limit, remaining, retry, reset] = userRateLimit;
    
            res.set({
                'Carto-Rate-Limit-Limit': limit,
                'Carto-Rate-Limit-Remaining': remaining,
                'Retry-After': retry,
                'Carto-Rate-Limit-Reset': reset
            });
    
            if (isBlocked) {
                const rateLimitError = new Error('You are over the limits.');
                rateLimitError.http_status = 429;
                rateLimitError.context = 'limit';
                rateLimitError.detail = 'rate-limit';
                return next(rateLimitError);
            }
    
            return next();
        });
    };
}

function isRateLimitEnabled(endpointGroup) {
    return global.settings.ratelimits.rateLimitsEnabled &&
        endpointGroup &&
        global.settings.ratelimits.endpoints[endpointGroup];
}

module.exports = rateLimit;
module.exports.RATE_LIMIT_ENDPOINTS_GROUPS = RATE_LIMIT_ENDPOINTS_GROUPS;
rate limit middleware 2018-03-01 19:19:28 +08:00			`'use strict';`

			`const RATE_LIMIT_ENDPOINTS_GROUPS = {`
			`QUERY: 'query',`
			`QUERY_FORMAT: 'query_format',`
			`JOB_CREATE: 'job_create',`
			`JOB_GET: 'job_get',`
			`JOB_DELETE: 'job_delete'`
			`};`


refactoring middleware and updating tests 2018-03-02 23:42:45 +08:00			`function rateLimit(userLimits, endpointGroup = null) {`
			`if (!isRateLimitEnabled(endpointGroup)) {`
			`return function rateLimitDisabledMiddleware(req, res, next) { next(); };`
			`}`
rate limit middleware 2018-03-01 19:19:28 +08:00
refactoring middleware and updating tests 2018-03-02 23:42:45 +08:00			`return function rateLimitMiddleware(req, res, next) {`
			`userLimits.getRateLimit(res.locals.user, endpointGroup, function(err, userRateLimit) {`
rate limit middleware 2018-03-01 19:19:28 +08:00			`if (err) {`
			`return next(err);`
			`}`

refactoring middleware and updating tests 2018-03-02 23:42:45 +08:00			`if (!userRateLimit) {`
rate limit middleware 2018-03-01 19:19:28 +08:00			`return next();`
			`}`

refactoring middleware and updating tests 2018-03-02 23:42:45 +08:00			`const [isBlocked, limit, remaining, retry, reset] = userRateLimit;`
rate limit middleware 2018-03-01 19:19:28 +08:00
			`res.set({`
Headers following rfc6648 2018-03-14 19:17:26 +08:00			`'Carto-Rate-Limit-Limit': limit,`
			`'Carto-Rate-Limit-Remaining': remaining,`
			`'Retry-After': retry,`
			`'Carto-Rate-Limit-Reset': reset`
rate limit middleware 2018-03-01 19:19:28 +08:00			`});`

			`if (isBlocked) {`
make jshint happy 2018-03-01 21:47:34 +08:00			`const rateLimitError = new Error('You are over the limits.');`
			`rateLimitError.http_status = 429;`
adding and testing limits error response with params 2018-03-27 01:10:23 +08:00			`rateLimitError.context = 'limit';`
			`rateLimitError.detail = 'rate-limit';`
make jshint happy 2018-03-01 21:47:34 +08:00			`return next(rateLimitError);`
rate limit middleware 2018-03-01 19:19:28 +08:00			`}`

			`return next();`
			`});`
			`};`
			`}`

refactoring middleware and updating tests 2018-03-02 23:42:45 +08:00			`function isRateLimitEnabled(endpointGroup) {`
			`return global.settings.ratelimits.rateLimitsEnabled &&`
			`endpointGroup &&`
			`global.settings.ratelimits.endpoints[endpointGroup];`
rate limit middleware 2018-03-01 19:19:28 +08:00			`}`

refactoring middleware and updating tests 2018-03-02 23:42:45 +08:00			`module.exports = rateLimit;`
rate limit middleware 2018-03-01 19:19:28 +08:00			`module.exports.RATE_LIMIT_ENDPOINTS_GROUPS = RATE_LIMIT_ENDPOINTS_GROUPS;`