add ratelimit
parent
c06321e56d
commit
75eae09302
@ -56,6 +56,6 @@ OKX_PASS='7654321Cf_'
|
|||||||
OKX_SECRET_KEY='AF7F4CEE2A10715F9709D38452CE0BFD'
|
OKX_SECRET_KEY='AF7F4CEE2A10715F9709D38452CE0BFD'
|
||||||
|
|
||||||
|
|
||||||
DISCORD_CLIENT_ID='1199289311850409984'
|
DISCORD_CLIENT_ID='1199290913155981345'
|
||||||
DISCORD_CLIENT_SECRET='2ttcY7FgDXSo_izCD1BSZrORh864aR6r'
|
DISCORD_CLIENT_SECRET='0-iIPG1waeQ7GpFV3e_dGH6kfjv1SVNS'
|
||||||
DISCORD_REDIRECT_URI='https://oauth-svr.cebggame.com/test/discord/oauth_redirect'
|
DISCORD_REDIRECT_URI='https://oauth-svr.cebggame.com/oauth/redirect'
|
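Review bot: The `DISCORD_CLIENT_SECRET` value changed in this hunk, together with the `OKX_SECRET_KEY` and `OKX_PASS` lines shown as context, are credentials stored in a tracked environment file, so anyone with read access to the repository or its history can read them. The values visible here should be treated as exposed and rotated at the providers, since removing them in a later commit does not clear them from history. Keep only placeholders in the tracked file, for example `DISCORD_CLIENT_SECRET='<set-in-deployment>'`, and load the real values from the deployment's secret store or an untracked env file. The commit also moves `DISCORD_REDIRECT_URI` from the `/test/` path to `/oauth/redirect`, which suggests these may be production credentials, although the page does not confirm that.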
@ -17,6 +17,7 @@
|
|||||||
"@fastify/formbody": "^7.3.0",
|
"@fastify/formbody": "^7.3.0",
|
||||||
"@fastify/helmet": "^10.0.1",
|
"@fastify/helmet": "^10.0.1",
|
||||||
"@fastify/jwt": "^6.3.2",
|
"@fastify/jwt": "^6.3.2",
|
||||||
|
"@fastify/rate-limit": "^9.1.0",
|
||||||
"@fastify/view": "^7.4.1",
|
"@fastify/view": "^7.4.1",
|
||||||
"@metamask/eth-sig-util": "^4.0.1",
|
"@metamask/eth-sig-util": "^4.0.1",
|
||||||
"axios": "^1.1.3",
|
"axios": "^1.1.3",
|
||||||
|
@ -1 +1 @@
|
|||||||
Subproject commit c1946bbe7d53e21cf0c85ca13a82577751a04b7c
|
Subproject commit b97e33472f46eb8fb47a8cf3c3924c5d26af5eca
|
@ -29,6 +29,15 @@ export class ApiServer {
|
|||||||
this.registerPlugins()
|
this.registerPlugins()
|
||||||
}
|
}
|
||||||
private registerPlugins() {
|
private registerPlugins() {
|
||||||
|
// @ts-ignore
|
||||||
|
this.server.register(import('@fastify/rate-limit'), {
|
||||||
|
global: false,
|
||||||
|
max: 5,
|
||||||
|
timeWindow: '1 minute',
|
||||||
|
keyGenerator: (req: FastifyRequest) => {
|
||||||
|
return req.headers['x-real-ip'] || req.ip
|
||||||
|
},
|
||||||
|
})
|
||||||
this.server.register(require('@fastify/formbody'))
|
this.server.register(require('@fastify/formbody'))
|
||||||
this.server.register(zReqParserPlugin)
|
this.server.register(zReqParserPlugin)
|
||||||
this.server.register(helmet, { hidePoweredBy: false })
|
this.server.register(helmet, { hidePoweredBy: false })
|
||||||
@ -65,6 +74,13 @@ export class ApiServer {
|
|||||||
data.path,
|
data.path,
|
||||||
{
|
{
|
||||||
preValidation: async function (request: FastifyRequest, reply: FastifyReply) {
|
preValidation: async function (request: FastifyRequest, reply: FastifyReply) {
|
||||||
|
if (config.limit) {
|
||||||
|
if (!config.limitMethod) {
|
||||||
|
config.limitMethod = this.rateLimit(config.limit)
|
||||||
|
}
|
||||||
|
// @ts-ignore
|
||||||
|
await config.limitMethod(request, reply)
|
||||||
|
}
|
||||||
request.roles = config.roles
|
request.roles = config.roles
|
||||||
await this.apiAuth(request, reply)
|
await this.apiAuth(request, reply)
|
||||||
},
|
},
|
||||||
|
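Review bot: The `keyGenerator` added in `registerPlugins` keys the limiter on `req.headers['x-real-ip']`, a header the client controls unless a trusted reverse proxy always overwrites it, so a caller can obtain a fresh bucket by varying the header or consume another client's quota by copying its address. Whether such a proxy sits in front of this server is not visible here, so I would drop the header read and configure Fastify's `trustProxy` server option so that `req.ip` is derived only from trusted hops: `keyGenerator: (req: FastifyRequest) => req.ip`. The header can also arrive as a `string[]`, which the current code would pass through as the key unchanged. In the second hunk the limiter is built lazily and called under `// @ts-ignore`; declaring a typed `limitMethod` field on the route config would let the compiler check that call. `registerPlugins` and the `preValidation` hook both continue outside their hunks.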
@ -11,7 +11,8 @@ const CLIENT_ID2 = process.env.GOOGLE_OAUTH_CLIENT2
|
|||||||
const CLIENT_ID_IOS = process.env.GOOGLE_OAUTH_CLIENT_IOS
|
const CLIENT_ID_IOS = process.env.GOOGLE_OAUTH_CLIENT_IOS
|
||||||
const CLIENT_ID3 = '436789193812-5vh7ahctkaofjir9tnilfnvm19cf3vve.apps.googleusercontent.com'
|
const CLIENT_ID3 = '436789193812-5vh7ahctkaofjir9tnilfnvm19cf3vve.apps.googleusercontent.com'
|
||||||
const CLIENT_ID4 = '436789193812-9vubggj1op881elm41i7b9raeec9dgrj.apps.googleusercontent.com'
|
const CLIENT_ID4 = '436789193812-9vubggj1op881elm41i7b9raeec9dgrj.apps.googleusercontent.com'
|
||||||
|
const CLIENT_ID5 = '436789193812-9vubggj1op881elm41i7b9raeec9dgrj.apps.googleusercontent.com'
|
||||||
|
const CLIENTS = [CLIENT_ID, CLIENT_ID2, CLIENT_ID3, CLIENT_ID4, CLIENT_ID_IOS, IOS_TEST, CLIENT_ID5]
|
||||||
export class PlatGoogle implements IPlat {
|
export class PlatGoogle implements IPlat {
|
||||||
async verifyToken(req: any): Promise<any> {
|
async verifyToken(req: any): Promise<any> {
|
||||||
let { code, token } = req.params
|
let { code, token } = req.params
|
||||||
@ -22,7 +23,7 @@ export class PlatGoogle implements IPlat {
|
|||||||
try {
|
try {
|
||||||
const ticket = await client.verifyIdToken({
|
const ticket = await client.verifyIdToken({
|
||||||
idToken: code,
|
idToken: code,
|
||||||
audience: [CLIENT_ID, CLIENT_ID2, CLIENT_ID_IOS, IOS_TEST, CLIENT_ID3, CLIENT_ID4], // Specify the CLIENT_ID of the app that accesses the backend
|
audience: CLIENTS, // Specify the CLIENT_ID of the app that accesses the backend
|
||||||
// Or, if multiple clients access the backend:
|
// Or, if multiple clients access the backend:
|
||||||
//[CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]
|
//[CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]
|
||||||
})
|
})
|
||||||
@ -30,14 +31,7 @@ export class PlatGoogle implements IPlat {
|
|||||||
if (!(payload.iss === GOOGLE_OAUTH_ISS || payload.iss === GOOGLE_OAUTH_ISS1)) {
|
if (!(payload.iss === GOOGLE_OAUTH_ISS || payload.iss === GOOGLE_OAUTH_ISS1)) {
|
||||||
throw new ZError(10, 'id token error')
|
throw new ZError(10, 'id token error')
|
||||||
}
|
}
|
||||||
if (
|
if (CLIENTS.indexOf(payload.aud) === -1) {
|
||||||
payload.aud !== CLIENT_ID &&
|
|
||||||
payload.aud !== CLIENT_ID2 &&
|
|
||||||
payload.aud !== CLIENT_ID3 &&
|
|
||||||
payload.aud !== CLIENT_ID4 &&
|
|
||||||
payload.aud !== CLIENT_ID_IOS &&
|
|
||||||
payload.aud !== IOS_TEST
|
|
||||||
) {
|
|
||||||
throw new ZError(11, 'client id mismatch')
|
throw new ZError(11, 'client id mismatch')
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -65,6 +59,7 @@ export class PlatGoogle implements IPlat {
|
|||||||
openId = info.sub
|
openId = info.sub
|
||||||
} catch (e2) {
|
} catch (e2) {
|
||||||
logger.log('error parse google access token', e2)
|
logger.log('error parse google access token', e2)
|
||||||
|
throw new ZError(10, 'id token error')
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return { openId, data }
|
return { openId, data }
|
||||||
|
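Review bot: `CLIENT_ID5` is assigned the same string as `CLIENT_ID4`, so the new entry in `CLIENTS` adds no audience; if a fifth OAuth client was intended its id is missing, otherwise the constant can be dropped. `CLIENTS` also contains values read from `process.env`, which are `undefined` when a variable is unset, and `CLIENTS.indexOf(payload.aud) === -1` would then let through a payload whose `aud` is `undefined` if one ever reached this check. Building the list with `.filter((id): id is string => typeof id === 'string' && id.length > 0)` and testing with `!CLIENTS.includes(payload.aud)` removes that case and keeps the array passed to `verifyIdToken` clean. `verifyToken` begins before and ends after these hunks, and the definition of `IOS_TEST` is not shown.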
21
yarn.lock
21
yarn.lock
@ -457,6 +457,15 @@
|
|||||||
fastify-plugin "^4.0.0"
|
fastify-plugin "^4.0.0"
|
||||||
steed "^1.1.3"
|
steed "^1.1.3"
|
||||||
|
|
||||||
|
"@fastify/rate-limit@^9.1.0":
|
||||||
|
version "9.1.0"
|
||||||
|
resolved "https://registry.yarnpkg.com/@fastify/rate-limit/-/rate-limit-9.1.0.tgz#c70f30e8be904c31986e09f262ba0f5ea1ef64b9"
|
||||||
|
integrity sha512-h5dZWCkuZXN0PxwqaFQLxeln8/LNwQwH9popywmDCFdKfgpi4b/HoMH1lluy6P+30CG9yzzpSpwTCIPNB9T1JA==
|
||||||
|
dependencies:
|
||||||
|
"@lukeed/ms" "^2.0.1"
|
||||||
|
fastify-plugin "^4.0.0"
|
||||||
|
toad-cache "^3.3.1"
|
||||||
|
|
||||||
"@fastify/view@^7.4.1":
|
"@fastify/view@^7.4.1":
|
||||||
version "7.4.1"
|
version "7.4.1"
|
||||||
resolved "https://registry.npmjs.org/@fastify/view/-/view-7.4.1.tgz"
|
resolved "https://registry.npmjs.org/@fastify/view/-/view-7.4.1.tgz"
|
||||||
@ -507,6 +516,11 @@
|
|||||||
resolved "https://registry.npmmirror.com/@lukeed/ms/-/ms-2.0.1.tgz"
|
resolved "https://registry.npmmirror.com/@lukeed/ms/-/ms-2.0.1.tgz"
|
||||||
integrity sha512-Xs/4RZltsAL7pkvaNStUQt7netTkyxrS0K+RILcVr3TRMS/ToOg4I6uNfhB9SlGsnWBym4U+EaXq0f0cEMNkHA==
|
integrity sha512-Xs/4RZltsAL7pkvaNStUQt7netTkyxrS0K+RILcVr3TRMS/ToOg4I6uNfhB9SlGsnWBym4U+EaXq0f0cEMNkHA==
|
||||||
|
|
||||||
|
"@lukeed/ms@^2.0.1":
|
||||||
|
version "2.0.2"
|
||||||
|
resolved "https://registry.yarnpkg.com/@lukeed/ms/-/ms-2.0.2.tgz#07f09e59a74c52f4d88c6db5c1054e819538e2a8"
|
||||||
|
integrity sha512-9I2Zn6+NJLfaGoz9jN3lpwDgAYvfGeNYdbAIjJOqzs4Tpc+VU3Jqq4IofSUBKajiDS8k9fZIg18/z13mpk1bsA==
|
||||||
|
|
||||||
"@metamask/eth-sig-util@^4.0.1":
|
"@metamask/eth-sig-util@^4.0.1":
|
||||||
version "4.0.1"
|
version "4.0.1"
|
||||||
resolved "https://registry.yarnpkg.com/@metamask/eth-sig-util/-/eth-sig-util-4.0.1.tgz#3ad61f6ea9ad73ba5b19db780d40d9aae5157088"
|
resolved "https://registry.yarnpkg.com/@metamask/eth-sig-util/-/eth-sig-util-4.0.1.tgz#3ad61f6ea9ad73ba5b19db780d40d9aae5157088"
|
||||||
@ -3571,7 +3585,7 @@ node-addon-api@^2.0.0:
|
|||||||
resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-2.0.2.tgz#432cfa82962ce494b132e9d72a15b29f71ff5d32"
|
resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-2.0.2.tgz#432cfa82962ce494b132e9d72a15b29f71ff5d32"
|
||||||
integrity sha512-Ntyt4AIXyaLIuMHF6IOoTakB3K+RWxwtsHNRxllEoA6vPwP9o4866g6YWDLUdnucilZhmkxiHwHr11gAENw+QA==
|
integrity sha512-Ntyt4AIXyaLIuMHF6IOoTakB3K+RWxwtsHNRxllEoA6vPwP9o4866g6YWDLUdnucilZhmkxiHwHr11gAENw+QA==
|
||||||
|
|
||||||
node-fetch@^2.6.12:
|
node-fetch@2, node-fetch@^2.6.12:
|
||||||
version "2.7.0"
|
version "2.7.0"
|
||||||
resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.7.0.tgz#d0f0fa6e3e2dc1d27efcd8ad99d550bda94d187d"
|
resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.7.0.tgz#d0f0fa6e3e2dc1d27efcd8ad99d550bda94d187d"
|
||||||
integrity sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==
|
integrity sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==
|
||||||
@ -4514,6 +4528,11 @@ to-regex-range@^5.0.1:
|
|||||||
dependencies:
|
dependencies:
|
||||||
is-number "^7.0.0"
|
is-number "^7.0.0"
|
||||||
|
|
||||||
|
toad-cache@^3.3.1:
|
||||||
|
version "3.7.0"
|
||||||
|
resolved "https://registry.yarnpkg.com/toad-cache/-/toad-cache-3.7.0.tgz#b9b63304ea7c45ec34d91f1d2fa513517025c441"
|
||||||
|
integrity sha512-/m8M+2BJUpoJdgAHoG+baCwBT+tf2VraSfkBgl0Y00qIWt41DJ8R5B8nsEw0I58YwF5IZH6z24/2TobDKnqSWw==
|
||||||
|
|
||||||
toidentifier@1.0.1:
|
toidentifier@1.0.1:
|
||||||
version "1.0.1"
|
version "1.0.1"
|
||||||
resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.1.tgz#3be34321a88a820ed1bd80dfaa33e479fbb8dd35"
|
resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.1.tgz#3be34321a88a820ed1bd80dfaa33e479fbb8dd35"
|
||||||
|