From 75eae09302610fab07de0095fc600bf71afc4836 Mon Sep 17 00:00:00 2001
From: CounterFire2023 <136581895+CounterFire2023@users.noreply.github.com>
Date: Fri, 1 Mar 2024 10:26:10 +0800
Subject: [PATCH] add ratelimit

---
 .env.development        |  6 +++---
 package.json            |  1 +
 packages/zutils         |  2 +-
 src/api.server.ts       | 16 ++++++++++++++++
 src/plats/PlatGoogle.ts | 15 +++++----------
 yarn.lock               | 21 ++++++++++++++++++++-
 6 files changed, 46 insertions(+), 15 deletions(-)

diff --git a/.env.development b/.env.development
index 1059d6a..bc6eb09 100644
--- a/.env.development
+++ b/.env.development
@@ -56,6 +56,6 @@ OKX_PASS='7654321Cf_'
 OKX_SECRET_KEY='AF7F4CEE2A10715F9709D38452CE0BFD'
 
 
-DISCORD_CLIENT_ID='1199289311850409984'
-DISCORD_CLIENT_SECRET='2ttcY7FgDXSo_izCD1BSZrORh864aR6r'
-DISCORD_REDIRECT_URI='https://oauth-svr.cebggame.com/test/discord/oauth_redirect'
\ No newline at end of file
+DISCORD_CLIENT_ID='1199290913155981345'
+DISCORD_CLIENT_SECRET='0-iIPG1waeQ7GpFV3e_dGH6kfjv1SVNS'
+DISCORD_REDIRECT_URI='https://oauth-svr.cebggame.com/oauth/redirect'
\ No newline at end of file
diff --git a/package.json b/package.json
index 08ac06a..b02c332 100644
--- a/package.json
+++ b/package.json
@@ -17,6 +17,7 @@
     "@fastify/formbody": "^7.3.0",
     "@fastify/helmet": "^10.0.1",
     "@fastify/jwt": "^6.3.2",
+    "@fastify/rate-limit": "^9.1.0",
     "@fastify/view": "^7.4.1",
     "@metamask/eth-sig-util": "^4.0.1",
     "axios": "^1.1.3",
diff --git a/packages/zutils b/packages/zutils
index c1946bb..b97e334 160000
--- a/packages/zutils
+++ b/packages/zutils
@@ -1 +1 @@
-Subproject commit c1946bbe7d53e21cf0c85ca13a82577751a04b7c
+Subproject commit b97e33472f46eb8fb47a8cf3c3924c5d26af5eca
diff --git a/src/api.server.ts b/src/api.server.ts
index 6cacf5c..8dfcb37 100644
--- a/src/api.server.ts
+++ b/src/api.server.ts
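Review bot: The new `DISCORD_CLIENT_SECRET` value is committed in clear text, so swapping it in this file does not retire the old one — both secrets now live in git history, next to the OKX key and password in the same hunk. The redirect URI has moved from a `/test/` path to `https://oauth-svr.cebggame.com/oauth/redirect`, which suggests this is the production Discord application rather than a development-only one; if so the secret should be treated as exposed and rotated again once it is out of the repository. Keep only a placeholder in the tracked file, `DISCORD_CLIENT_SECRET=''`, load the real value from the deployment environment or a secrets manager, and add `.env.*` to `.gitignore` so the next rotation does not land in history.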
@@ -29,6 +29,15 @@ export class ApiServer {
     this.registerPlugins()
   }
   private registerPlugins() {
+    // @ts-ignore
+    this.server.register(import('@fastify/rate-limit'), {
+      global: false,
+      max: 5,
+      timeWindow: '1 minute',
+      keyGenerator: (req: FastifyRequest) => {
+        return req.headers['x-real-ip'] || req.ip
+      },
+    })
     this.server.register(require('@fastify/formbody'))
     this.server.register(zReqParserPlugin)
     this.server.register(helmet, { hidePoweredBy: false })
@@ -65,6 +74,13 @@ export class ApiServer {
       data.path,
       {
         preValidation: async function (request: FastifyRequest, reply: FastifyReply) {
+          if (config.limit) {
+            if (!config.limitMethod) {
+              config.limitMethod = this.rateLimit(config.limit)
+            }
+            // @ts-ignore
+            await config.limitMethod(request, reply)
+          }
           request.roles = config.roles
           await this.apiAuth(request, reply)
         },
diff --git a/src/plats/PlatGoogle.ts b/src/plats/PlatGoogle.ts
index 713999c..c9b266e 100644
--- a/src/plats/PlatGoogle.ts
+++ b/src/plats/PlatGoogle.ts
@@ -11,7 +11,8 @@ const CLIENT_ID2 = process.env.GOOGLE_OAUTH_CLIENT2
 const CLIENT_ID_IOS = process.env.GOOGLE_OAUTH_CLIENT_IOS
 const CLIENT_ID3 = '436789193812-5vh7ahctkaofjir9tnilfnvm19cf3vve.apps.googleusercontent.com'
 const CLIENT_ID4 = '436789193812-9vubggj1op881elm41i7b9raeec9dgrj.apps.googleusercontent.com'
-
+const CLIENT_ID5 = '436789193812-9vubggj1op881elm41i7b9raeec9dgrj.apps.googleusercontent.com'
+const CLIENTS = [CLIENT_ID, CLIENT_ID2, CLIENT_ID3, CLIENT_ID4, CLIENT_ID_IOS, IOS_TEST, CLIENT_ID5]
 export class PlatGoogle implements IPlat {
   async verifyToken(req: any): Promise {
     let { code, token } = req.params
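Review bot: The `keyGenerator` added to the rate-limit registration keys on the client-controlled `x-real-ip` header and only falls back to `req.ip`, so any caller that reaches this process without a proxy overwriting that header can send a different `x-real-ip` on every request and never accumulate a count — the limit is bypassed exactly by the traffic it is meant to stop. Unless the server is reachable solely through a proxy that unconditionally rewrites `x-real-ip`, key on `req.ip` alone, `keyGenerator: (req: FastifyRequest) => req.ip`, and set Fastify's `trustProxy` option on the instance (outside this hunk) to the proxy's address so `req.ip` resolves to the real client. No `store` is configured, so the counters are the plugin's in-memory default: per process, reset on restart, not shared across replicas — worth stating on the registration, `// NOTE: in-memory store, limits are per-process`. The `// @ts-ignore` above `register(import(...))` hides whatever the typings object to; `// @ts-expect-error` with the reason keeps it from also masking future errors.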
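Review bot: In the added `preValidation` branch, `config.limitMethod` is built lazily on the first request and cached on the shared route `config`, so two concurrent first requests each call `this.rateLimit(config.limit)` and one limiter, with its own counters, is silently discarded; a limiter that does not exist until traffic arrives is also hard to reason about. Since the plugin is registered with `global: false`, the documented way to limit a single route is to give the route options object (the `{` after `data.path,` in this hunk) `config: { rateLimit: config.limit }` and drop the manual branch entirely — assuming `config.limit` is the plugin's options object, which passing it to `this.rateLimit(...)` already implies — and the plugin's own hook runs before `preValidation`, so it still precedes `this.apiAuth`. If the manual call is kept, whether `this.rateLimit(...)` returns an async hook or a callback-style one depends on the installed @fastify/rate-limit version; the `await` under `// @ts-ignore` should be checked against its typings rather than silenced. The enclosing route registration starts and ends outside this hunk.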
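Review bot: `CLIENT_ID5` is byte-for-byte the same string as `CLIENT_ID4` (`436789193812-9vubggj1op881elm41i7b9raeec9dgrj…`), so adding it to `CLIENTS` admits nothing new: if a fifth Google client was meant to be trusted, its tokens are still rejected with `client id mismatch`, and if not, the constant is dead and should be removed. `CLIENT_ID`, `CLIENT_ID2` and `CLIENT_ID_IOS` come from `process.env` and become `undefined` entries in `CLIENTS` when unset; that does not widen what `verifyIdToken` accepts, but it does silently shrink the trusted list, so drop them at construction and make a missing value visible: `const CLIENTS = [CLIENT_ID, CLIENT_ID2, CLIENT_ID3, CLIENT_ID4, CLIENT_ID_IOS, IOS_TEST, CLIENT_ID5].filter((id): id is string => !!id)`. A one-line comment per hard-coded ID naming the app or platform it belongs to (`// CLIENT_ID3: <app/platform> — TODO fill in`) would make the list auditable the next time one is added.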
@@ -22,7 +23,7 @@ export class PlatGoogle implements IPlat {
     try {
       const ticket = await client.verifyIdToken({
         idToken: code,
-        audience: [CLIENT_ID, CLIENT_ID2, CLIENT_ID_IOS, IOS_TEST, CLIENT_ID3, CLIENT_ID4], // Specify the CLIENT_ID of the app that accesses the backend
+        audience: CLIENTS, // Specify the CLIENT_ID of the app that accesses the backend
         // Or, if multiple clients access the backend:
         //[CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]
       })
@@ -30,14 +31,7 @@ export class PlatGoogle implements IPlat {
       if (!(payload.iss === GOOGLE_OAUTH_ISS || payload.iss === GOOGLE_OAUTH_ISS1)) {
         throw new ZError(10, 'id token error')
       }
-      if (
-        payload.aud !== CLIENT_ID &&
-        payload.aud !== CLIENT_ID2 &&
-        payload.aud !== CLIENT_ID3 &&
-        payload.aud !== CLIENT_ID4 &&
-        payload.aud !== CLIENT_ID_IOS &&
-        payload.aud !== IOS_TEST
-      ) {
+      if (CLIENTS.indexOf(payload.aud) === -1) {
         throw new ZError(11, 'client id mismatch')
       }
 
@@ -65,6 +59,7 @@ export class PlatGoogle implements IPlat {
         openId = info.sub
       } catch (e2) {
         logger.log('error parse google access token', e2)
+        throw new ZError(10, 'id token error')
       }
     }
     return { openId, data }
diff --git a/yarn.lock b/yarn.lock
index 2cff539..480b2e3 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -457,6 +457,15 @@
     fastify-plugin "^4.0.0"
     steed "^1.1.3"
 
+"@fastify/rate-limit@^9.1.0":
+  version "9.1.0"
+  resolved "https://registry.yarnpkg.com/@fastify/rate-limit/-/rate-limit-9.1.0.tgz#c70f30e8be904c31986e09f262ba0f5ea1ef64b9"
+  integrity sha512-h5dZWCkuZXN0PxwqaFQLxeln8/LNwQwH9popywmDCFdKfgpi4b/HoMH1lluy6P+30CG9yzzpSpwTCIPNB9T1JA==
+  dependencies:
+    "@lukeed/ms" "^2.0.1"
+    fastify-plugin "^4.0.0"
+    toad-cache "^3.3.1"
+
 "@fastify/view@^7.4.1":
   version "7.4.1"
   resolved "https://registry.npmjs.org/@fastify/view/-/view-7.4.1.tgz"
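Review bot: `CLIENTS.indexOf(payload.aud) === -1` is a membership test written the long way; `if (!CLIENTS.includes(payload.aud)) {` states the intent directly and is the form the rest of the list-handling here should converge on. The check is worth keeping even though `verifyIdToken` was already given `audience: CLIENTS` and rejects a foreign audience itself, but that redundancy should be stated so nobody "simplifies" it away later: `// defence in depth: verifyIdToken already enforces audience, re-check the payload anyway`. The rest of `verifyToken` lies outside this hunk.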
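Review bot: The new `throw` closes the path where a failed access-token lookup fell through to `return { openId, data }` with `openId` never assigned, but it reuses code 10 and the text `'id token error'` from the issuer check above, so callers and logs cannot tell an ID-token failure from an access-token failure; prefer a distinct message, `throw new ZError(10, 'access token error')`, or a new code if 10 is matched on elsewhere. The line before it, `logger.log('error parse google access token', e2)`, prints the whole error object — if `e2` is an HTTP-client error it may carry the request, including the bearer token that was being validated — so log `e2?.message` rather than the object. `verifyToken`'s body starts outside this hunk, so whether every remaining path assigns `openId` before the `return` cannot be confirmed from here.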
@@ -507,6 +516,11 @@
   resolved "https://registry.npmmirror.com/@lukeed/ms/-/ms-2.0.1.tgz"
   integrity sha512-Xs/4RZltsAL7pkvaNStUQt7netTkyxrS0K+RILcVr3TRMS/ToOg4I6uNfhB9SlGsnWBym4U+EaXq0f0cEMNkHA==
 
+"@lukeed/ms@^2.0.1":
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/@lukeed/ms/-/ms-2.0.2.tgz#07f09e59a74c52f4d88c6db5c1054e819538e2a8"
+  integrity sha512-9I2Zn6+NJLfaGoz9jN3lpwDgAYvfGeNYdbAIjJOqzs4Tpc+VU3Jqq4IofSUBKajiDS8k9fZIg18/z13mpk1bsA==
+
 "@metamask/eth-sig-util@^4.0.1":
   version "4.0.1"
   resolved "https://registry.yarnpkg.com/@metamask/eth-sig-util/-/eth-sig-util-4.0.1.tgz#3ad61f6ea9ad73ba5b19db780d40d9aae5157088"
@@ -3571,7 +3585,7 @@ node-addon-api@^2.0.0:
   resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-2.0.2.tgz#432cfa82962ce494b132e9d72a15b29f71ff5d32"
   integrity sha512-Ntyt4AIXyaLIuMHF6IOoTakB3K+RWxwtsHNRxllEoA6vPwP9o4866g6YWDLUdnucilZhmkxiHwHr11gAENw+QA==
 
-node-fetch@^2.6.12:
+node-fetch@2, node-fetch@^2.6.12:
   version "2.7.0"
   resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.7.0.tgz#d0f0fa6e3e2dc1d27efcd8ad99d550bda94d187d"
   integrity sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==
@@ -4514,6 +4528,11 @@ to-regex-range@^5.0.1:
   dependencies:
     is-number "^7.0.0"
 
+toad-cache@^3.3.1:
+  version "3.7.0"
+  resolved "https://registry.yarnpkg.com/toad-cache/-/toad-cache-3.7.0.tgz#b9b63304ea7c45ec34d91f1d2fa513517025c441"
+  integrity sha512-/m8M+2BJUpoJdgAHoG+baCwBT+tf2VraSfkBgl0Y00qIWt41DJ8R5B8nsEw0I58YwF5IZH6z24/2TobDKnqSWw==
+
 toidentifier@1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.1.tgz#3be34321a88a820ed1bd80dfaa33e479fbb8dd35"