add ratelimit

CounterFire2023 2024-03-01 10:26:10 +08:00
parent c06321e56d
commit 75eae09302
6 changed files with 46 additions and 15 deletions


@ -56,6 +56,6 @@ OKX_PASS='7654321Cf_'
OKX_SECRET_KEY='AF7F4CEE2A10715F9709D38452CE0BFD'
DISCORD_CLIENT_ID='1199289311850409984'
DISCORD_CLIENT_SECRET='2ttcY7FgDXSo_izCD1BSZrORh864aR6r'
DISCORD_REDIRECT_URI='https://oauth-svr.cebggame.com/test/discord/oauth_redirect'
DISCORD_CLIENT_ID='1199290913155981345'
DISCORD_CLIENT_SECRET='0-iIPG1waeQ7GpFV3e_dGH6kfjv1SVNS'
DISCORD_REDIRECT_URI='https://oauth-svr.cebggame.com/oauth/redirect'
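Review bot: Both `DISCORD_CLIENT_SECRET` values in this hunk are committed in plaintext, next to `OKX_SECRET_KEY` and `OKX_PASS` in the surrounding context, so every one of them is readable by anyone with access to the repository or its history. Treat the Discord secrets as exposed and rotate them, and keep only a placeholder in the tracked file, e.g. `DISCORD_CLIENT_SECRET=''`, with the real value injected from the deployment's secret store. Whether this file is a template or the live configuration is not visible here; if it is live, it should be untracked and listed in `.gitignore`.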


@ -17,6 +17,7 @@
"@fastify/formbody": "^7.3.0",
"@fastify/helmet": "^10.0.1",
"@fastify/jwt": "^6.3.2",
"@fastify/rate-limit": "^9.1.0",
"@fastify/view": "^7.4.1",
"@metamask/eth-sig-util": "^4.0.1",
"axios": "^1.1.3",

@ -1 +1 @@
Subproject commit c1946bbe7d53e21cf0c85ca13a82577751a04b7c
Subproject commit b97e33472f46eb8fb47a8cf3c3924c5d26af5eca


@ -29,6 +29,15 @@ export class ApiServer {
this.registerPlugins()
}
private registerPlugins() {
// @ts-ignore
this.server.register(import('@fastify/rate-limit'), {
global: false,
max: 5,
timeWindow: '1 minute',
keyGenerator: (req: FastifyRequest) => {
return req.headers['x-real-ip'] || req.ip
},
})
this.server.register(require('@fastify/formbody'))
this.server.register(zReqParserPlugin)
this.server.register(helmet, { hidePoweredBy: false })
@ -65,6 +74,13 @@ export class ApiServer {
data.path,
{
preValidation: async function (request: FastifyRequest, reply: FastifyReply) {
if (config.limit) {
if (!config.limitMethod) {
config.limitMethod = this.rateLimit(config.limit)
}
// @ts-ignore
await config.limitMethod(request, reply)
}
request.roles = config.roles
await this.apiAuth(request, reply)
},
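Review bot: The `keyGenerator` in the first hunk keys the limiter on `req.headers['x-real-ip']`, a request header the client controls unless a trusted reverse proxy always overwrites it, so the 5-per-minute limit may not bind to the real peer address. Whether such a proxy sits in front of this server is not visible here. Prefer `keyGenerator: (req: FastifyRequest) => req.ip` and set Fastify's `trustProxy` option to the proxy's address, so `req.ip` is derived only from trusted hops. The header can also arrive as `string[]`, which the current return passes through unchanged, and the `// @ts-ignore` above the `register` call would hide that type mismatch. `registerPlugins` continues outside the hunk.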


@ -11,7 +11,8 @@ const CLIENT_ID2 = process.env.GOOGLE_OAUTH_CLIENT2
const CLIENT_ID_IOS = process.env.GOOGLE_OAUTH_CLIENT_IOS
const CLIENT_ID3 = '436789193812-5vh7ahctkaofjir9tnilfnvm19cf3vve.apps.googleusercontent.com'
const CLIENT_ID4 = '436789193812-9vubggj1op881elm41i7b9raeec9dgrj.apps.googleusercontent.com'
const CLIENT_ID5 = '436789193812-9vubggj1op881elm41i7b9raeec9dgrj.apps.googleusercontent.com'
const CLIENTS = [CLIENT_ID, CLIENT_ID2, CLIENT_ID3, CLIENT_ID4, CLIENT_ID_IOS, IOS_TEST, CLIENT_ID5]
export class PlatGoogle implements IPlat {
async verifyToken(req: any): Promise<any> {
let { code, token } = req.params
@ -22,7 +23,7 @@ export class PlatGoogle implements IPlat {
try {
const ticket = await client.verifyIdToken({
idToken: code,
audience: [CLIENT_ID, CLIENT_ID2, CLIENT_ID_IOS, IOS_TEST, CLIENT_ID3, CLIENT_ID4], // Specify the CLIENT_ID of the app that accesses the backend
audience: CLIENTS, // Specify the CLIENT_ID of the app that accesses the backend
// Or, if multiple clients access the backend:
//[CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]
})
@ -30,14 +31,7 @@ export class PlatGoogle implements IPlat {
if (!(payload.iss === GOOGLE_OAUTH_ISS || payload.iss === GOOGLE_OAUTH_ISS1)) {
throw new ZError(10, 'id token error')
}
if (
payload.aud !== CLIENT_ID &&
payload.aud !== CLIENT_ID2 &&
payload.aud !== CLIENT_ID3 &&
payload.aud !== CLIENT_ID4 &&
payload.aud !== CLIENT_ID_IOS &&
payload.aud !== IOS_TEST
) {
if (CLIENTS.indexOf(payload.aud) === -1) {
throw new ZError(11, 'client id mismatch')
}
@ -65,6 +59,7 @@ export class PlatGoogle implements IPlat {
openId = info.sub
} catch (e2) {
logger.log('error parse google access token', e2)
throw new ZError(10, 'id token error')
}
}
return { openId, data }
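Review bot: `CLIENT_ID5` in the first hunk holds the same string as `CLIENT_ID4`, so the added entry does not change which audiences `verifyIdToken` accepts; if a fifth client was intended, its ID is still missing. `CLIENTS` also includes values read from `process.env`, which are `undefined` when unset, so `CLIENTS.indexOf(payload.aud) === -1` would not reject a payload that has no `aud`; `verifyIdToken` presumably checks the audience first, but the second check should not depend on that. Build the list as `const CLIENTS = [CLIENT_ID, CLIENT_ID2, CLIENT_ID3, CLIENT_ID4, CLIENT_ID_IOS, IOS_TEST].filter((id): id is string => !!id)` and test with `if (!payload.aud || !CLIENTS.includes(payload.aud))`. The definitions of `CLIENT_ID` and `IOS_TEST` are outside the hunk.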


@ -457,6 +457,15 @@
fastify-plugin "^4.0.0"
steed "^1.1.3"
"@fastify/rate-limit@^9.1.0":
version "9.1.0"
resolved "https://registry.yarnpkg.com/@fastify/rate-limit/-/rate-limit-9.1.0.tgz#c70f30e8be904c31986e09f262ba0f5ea1ef64b9"
integrity sha512-h5dZWCkuZXN0PxwqaFQLxeln8/LNwQwH9popywmDCFdKfgpi4b/HoMH1lluy6P+30CG9yzzpSpwTCIPNB9T1JA==
dependencies:
"@lukeed/ms" "^2.0.1"
fastify-plugin "^4.0.0"
toad-cache "^3.3.1"
"@fastify/view@^7.4.1":
version "7.4.1"
resolved "https://registry.npmjs.org/@fastify/view/-/view-7.4.1.tgz"
@ -507,6 +516,11 @@
resolved "https://registry.npmmirror.com/@lukeed/ms/-/ms-2.0.1.tgz"
integrity sha512-Xs/4RZltsAL7pkvaNStUQt7netTkyxrS0K+RILcVr3TRMS/ToOg4I6uNfhB9SlGsnWBym4U+EaXq0f0cEMNkHA==
"@lukeed/ms@^2.0.1":
version "2.0.2"
resolved "https://registry.yarnpkg.com/@lukeed/ms/-/ms-2.0.2.tgz#07f09e59a74c52f4d88c6db5c1054e819538e2a8"
integrity sha512-9I2Zn6+NJLfaGoz9jN3lpwDgAYvfGeNYdbAIjJOqzs4Tpc+VU3Jqq4IofSUBKajiDS8k9fZIg18/z13mpk1bsA==
"@metamask/eth-sig-util@^4.0.1":
version "4.0.1"
resolved "https://registry.yarnpkg.com/@metamask/eth-sig-util/-/eth-sig-util-4.0.1.tgz#3ad61f6ea9ad73ba5b19db780d40d9aae5157088"
@ -3571,7 +3585,7 @@ node-addon-api@^2.0.0:
resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-2.0.2.tgz#432cfa82962ce494b132e9d72a15b29f71ff5d32"
integrity sha512-Ntyt4AIXyaLIuMHF6IOoTakB3K+RWxwtsHNRxllEoA6vPwP9o4866g6YWDLUdnucilZhmkxiHwHr11gAENw+QA==
node-fetch@^2.6.12:
node-fetch@2, node-fetch@^2.6.12:
version "2.7.0"
resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.7.0.tgz#d0f0fa6e3e2dc1d27efcd8ad99d550bda94d187d"
integrity sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==
@ -4514,6 +4528,11 @@ to-regex-range@^5.0.1:
dependencies:
is-number "^7.0.0"
toad-cache@^3.3.1:
version "3.7.0"
resolved "https://registry.yarnpkg.com/toad-cache/-/toad-cache-3.7.0.tgz#b9b63304ea7c45ec34d91f1d2fa513517025c441"
integrity sha512-/m8M+2BJUpoJdgAHoG+baCwBT+tf2VraSfkBgl0Y00qIWt41DJ8R5B8nsEw0I58YwF5IZH6z24/2TobDKnqSWw==
toidentifier@1.0.1:
version "1.0.1"
resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.1.tgz#3be34321a88a820ed1bd80dfaa33e479fbb8dd35"