WIP

2016-12-21 04:30:13 +02:00 · 2016-12-21 04:30:13 +02:00 · 199a2ea356
commit 199a2ea356
parent 99b19cffc2
4 changed files with 39 additions and 4 deletions
--- a/bin/lamassu-admin-server
+++ b/bin/lamassu-admin-server
@ -13,6 +13,7 @@ const argv = require('minimist')(process.argv.slice(2))
 const got = require('got')
 const morgan = require('morgan')
 const helmet = require('helmet')
+const RateLimit = require('express-rate-limit')

 const accounts = require('../lib/admin/accounts')
 const machines = require('../lib/admin/machines')
@ -55,14 +56,21 @@ function dbNotify () {

 const skip = (req, res) => req.path === '/api/status/' && res.statusCode === 200

+const limiter = new RateLimit({
+  windowMs: T.minute,
+  max: 120,
+  delayMs: 0,
+  delayAfter: 0,
+  keyGenerator: () => 'everybody'
+})
+
+app.use(limiter)
 app.use(morgan('dev', {skip}))
 app.use(helmet({
  noCache: true
 }))
 app.use(cookieParser())
 app.use(register)
-// if (!devMode) app.use(authenticate)
-console.log('DEBUG99')
 app.use(authenticate)

 app.use(bodyParser.json())
--- a/lib/routes.js
+++ b/lib/routes.js
@ -2,6 +2,7 @@

 const morgan = require('morgan')
 const helmet = require('helmet')
+const RateLimit = require('express-rate-limit')
 const bodyParser = require('body-parser')
 const BigNumber = require('bignumber.js')
 const _ = require('lodash/fp')
@ -16,6 +17,7 @@ const settingsLoader = require('./settings-loader')
 const plugins = require('./plugins')
 const helpers = require('./route-helpers')
 const poller = require('./poller')
+const T = require('./time')

 module.exports = {init}

@ -347,6 +349,14 @@ function init (opts) {
    '/phone_code'
  ]

+  const limiter = new RateLimit({
+    windowMs: T.minute,
+    max: 10,
+    delayMs: 0,
+    delayAfter: 0,
+    keyGenerator: () => 'everybody'
+  })
+
  app.use(morgan('dev', {skip}))
  app.use(helmet())
  app.use(populateDeviceId)
@ -355,8 +365,8 @@ function init (opts) {
  app.use(filterOldRequests)
  app.post('*', cacheAction)

-  app.post('/pair', pair)
-  app.get('/ca', ca)
+  app.post('/pair', limiter, pair)
+  app.get('/ca', limiter, ca)

  app.get('/poll', authMiddleware, poll)

--- a/package.json
+++ b/package.json
@ -12,6 +12,7 @@
    "cookie-parser": "^1.4.3",
    "express": "^4.13.4",
    "express-limiter": "^1.6.0",
+    "express-rate-limit": "^2.6.0",
    "got": "^6.6.3",
    "helmet": "^3.1.0",
    "lamassu-bitcoind": "lamassu/lamassu-bitcoind#alpha",
--- a/yarn.lock
+++ b/yarn.lock
@ -433,6 +433,10 @@ cliui@^2.1.0:
    right-align "^0.1.1"
    wordwrap "0.0.2"

+clone@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/clone/-/clone-1.0.2.tgz#260b7a99ebb1edfe247538175f783243cb19d149"
+
 co@^4.6.0:
  version "4.6.0"
  resolved "https://registry.yarnpkg.com/co/-/co-4.6.0.tgz#6ea6bdf3d853ae54ccb8e47bfa0bf3f9031fb184"
@ -620,6 +624,12 @@ deep-is@~0.1.3:
  version "0.1.3"
  resolved "https://registry.yarnpkg.com/deep-is/-/deep-is-0.1.3.tgz#b369d6fb5dbc13eecf524f91b070feedc357cf34"

+defaults@^1.0.3:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/defaults/-/defaults-1.0.3.tgz#c656051e9817d9ff08ed881477f3fe4019f3ef7d"
+  dependencies:
+    clone "^1.0.2"
+
 defined@^1.0.0:
  version "1.0.0"
  resolved "https://registry.yarnpkg.com/defined/-/defined-1.0.0.tgz#c98d9bcef75674188e110969151199e39b1fa693"
@ -852,6 +862,12 @@ express-limiter@^1.6.0:
  version "1.6.0"
  resolved "https://registry.yarnpkg.com/express-limiter/-/express-limiter-1.6.0.tgz#142753588f785b731551603d214415bc79da697a"

+express-rate-limit@^2.6.0:
+  version "2.6.0"
+  resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-2.6.0.tgz#ecd359e15aa7f596dc80a604555765c02a3b2436"
+  dependencies:
+    defaults "^1.0.3"
+
 express@^4.11.1, express@^4.13.4:
  version "4.14.0"
  resolved "https://registry.yarnpkg.com/express/-/express-4.14.0.tgz#c1ee3f42cdc891fb3dc650a8922d51ec847d0d66"