From 199a2ea356af333d8d7215cafa5cb8466e07a07a Mon Sep 17 00:00:00 2001
From: Josh Harvey
Date: Wed, 21 Dec 2016 04:30:13 +0200
Subject: [PATCH] WIP

---
 bin/lamassu-admin-server | 12 ++++++++++--
 lib/routes.js | 14 ++++++++++++--
 package.json | 1 +
 yarn.lock | 16 ++++++++++++++++
 4 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/bin/lamassu-admin-server b/bin/lamassu-admin-server
index 4ddd755a..8a33dd11 100755
--- a/bin/lamassu-admin-server
+++ b/bin/lamassu-admin-server
@@ -13,6 +13,7 @@ const argv = require('minimist')(process.argv.slice(2))
 const got = require('got')
 const morgan = require('morgan')
 const helmet = require('helmet')
+const RateLimit = require('express-rate-limit')
 const accounts = require('../lib/admin/accounts')
 const machines = require('../lib/admin/machines')
@@ -55,14 +56,21 @@ function dbNotify () {
 const skip = (req, res) => req.path === '/api/status/' && res.statusCode === 200
+const limiter = new RateLimit({
+ windowMs: T.minute,
+ max: 120,
+ delayMs: 0,
+ delayAfter: 0,
+ keyGenerator: () => 'everybody'
+})
+
+app.use(limiter)
 app.use(morgan('dev', {skip}))
 app.use(helmet({ noCache: true }))
 app.use(cookieParser())
 app.use(register)
-// if (!devMode) app.use(authenticate)
-console.log('DEBUG99')
 app.use(authenticate)
 app.use(bodyParser.json())
diff --git a/lib/routes.js b/lib/routes.js
index aa08661d..a166904c 100644
--- a/lib/routes.js
+++ b/lib/routes.js
@@ -2,6 +2,7 @@ const morgan = require('morgan')
 const helmet = require('helmet')
+const RateLimit = require('express-rate-limit')
 const bodyParser = require('body-parser')
 const BigNumber = require('bignumber.js')
 const _ = require('lodash/fp')
@@ -16,6 +17,7 @@ const settingsLoader = require('./settings-loader')
 const plugins = require('./plugins')
 const helpers = require('./route-helpers')
 const poller = require('./poller')
+const T = require('./time')
 module.exports = {init} 
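Review bot: `keyGenerator: () => 'everybody'` in the `@@ -55` hunk of bin/lamassu-admin-server puts every client into one bucket, so once any single source sends 120 requests in a minute the admin server answers 429 to all operators, authenticated or not — an unauthenticated caller can deny service to the whole admin UI. If the intent is to throttle guessing against the `register`/`authenticate` middleware, key on the client address instead (the library's default keys on `req.ip`; set Express `trust proxy` if the server sits behind a reverse proxy) or attach the limiter only to the authentication paths, and keep any global bucket with a much higher ceiling. Because `app.use(limiter)` precedes `app.use(morgan('dev', {skip}))`, requests rejected by the limiter never reach morgan, so the 429s are absent from the access log; placing the morgan line above the limiter keeps them visible. `T.minute` is referenced here but no `require` for `T` appears in this file's hunks — confirm it is already in scope above line 13.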
@@ -347,6 +349,14 @@ function init (opts) {
 '/phone_code'
 ]
+ const limiter = new RateLimit({
+ windowMs: T.minute,
+ max: 10,
+ delayMs: 0,
+ delayAfter: 0,
+ keyGenerator: () => 'everybody'
+ })
+
 app.use(morgan('dev', {skip}))
 app.use(helmet())
 app.use(populateDeviceId)
@@ -355,8 +365,8 @@ function init (opts) {
 app.use(filterOldRequests)
 app.post('*', cacheAction)
- app.post('/pair', pair)
- app.get('/ca', ca)
+ app.post('/pair', limiter, pair)
+ app.get('/ca', limiter, ca)
 app.get('/poll', authMiddleware, poll)
diff --git a/package.json b/package.json
index f4e2db05..aed98364 100644
--- a/package.json
+++ b/package.json
@@ -12,6 +12,7 @@
 "cookie-parser": "^1.4.3",
 "express": "^4.13.4",
 "express-limiter": "^1.6.0",
+ "express-rate-limit": "^2.6.0",
 "got": "^6.6.3",
 "helmet": "^3.1.0",
 "lamassu-bitcoind": "lamassu/lamassu-bitcoind#alpha",
diff --git a/yarn.lock b/yarn.lock
index 70764e83..4e762539 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -433,6 +433,10 @@ cliui@^2.1.0:
 right-align "^0.1.1"
 wordwrap "0.0.2"
+clone@^1.0.2:
+ version "1.0.2"
+ resolved "https://registry.yarnpkg.com/clone/-/clone-1.0.2.tgz#260b7a99ebb1edfe247538175f783243cb19d149"
+
 co@^4.6.0:
 version "4.6.0"
 resolved "https://registry.yarnpkg.com/co/-/co-4.6.0.tgz#6ea6bdf3d853ae54ccb8e47bfa0bf3f9031fb184"
@@ -620,6 +624,12 @@ deep-is@~0.1.3:
 version "0.1.3"
 resolved "https://registry.yarnpkg.com/deep-is/-/deep-is-0.1.3.tgz#b369d6fb5dbc13eecf524f91b070feedc357cf34"
+defaults@^1.0.3:
+ version "1.0.3"
+ resolved "https://registry.yarnpkg.com/defaults/-/defaults-1.0.3.tgz#c656051e9817d9ff08ed881477f3fe4019f3ef7d"
+ dependencies:
+ clone "^1.0.2"
+
 defined@^1.0.0:
 version "1.0.0"
 resolved "https://registry.yarnpkg.com/defined/-/defined-1.0.0.tgz#c98d9bcef75674188e110969151199e39b1fa693" 
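Review bot: The `limiter` built in the `@@ -347` hunk of lib/routes.js also uses `keyGenerator: () => 'everybody'`, so the `max: 10` per-minute budget for `/pair` and `/ca` (attached in the `@@ -355` hunk) is shared by every machine in the fleet: one misbehaving or hostile client can exhaust it and block pairing for everyone, while the throttle gives a legitimate machine no more headroom than an abusive one. Keying on the client address (`req.ip`, with `trust proxy` configured if the server is fronted by a proxy) confines the effect to the offending source. The constants would read better with a one-line comment stating the intent, e.g. `// /pair and /ca are reachable without authMiddleware; cap guessing attempts per window`. In the `@@ -355` hunk the limiter is attached per route, after `app.post('*', cacheAction)`, so rate-limited `/pair` requests still pass through `cacheAction` first — worth confirming that is intended. `init` continues outside both hunks.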
@@ -852,6 +862,12 @@ express-limiter@^1.6.0:
 version "1.6.0"
 resolved "https://registry.yarnpkg.com/express-limiter/-/express-limiter-1.6.0.tgz#142753588f785b731551603d214415bc79da697a"
+express-rate-limit@^2.6.0:
+ version "2.6.0"
+ resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-2.6.0.tgz#ecd359e15aa7f596dc80a604555765c02a3b2436"
+ dependencies:
+ defaults "^1.0.3"
+
 express@^4.11.1, express@^4.13.4:
 version "4.14.0"
 resolved "https://registry.yarnpkg.com/express/-/express-4.14.0.tgz#c1ee3f42cdc891fb3dc650a8922d51ec847d0d66"