From 3a6dde6eec75bf3d2b874c0e00e8e918829ab768 Mon Sep 17 00:00:00 2001
From: zhl
Date: Tue, 12 Jan 2021 13:41:19 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E9=98=B2=E6=AD=A2=E6=81=B6?= =?UTF-8?q?=E6=84=8F=E5=88=9B=E5=BB=BA=E7=A9=BA=E6=88=BF=E9=97=B4=E7=9A=84?= =?UTF-8?q?=E6=9C=BA=E5=88=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 package-lock.json | 14 ++++++++++++++
 package.json | 6 ++++--
 src/index.ts | 13 +++++++++++++
 3 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 94dcfb7..7c97be1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -248,6 +248,15 @@ "@types/serve-static": "*" } }, + "@types/express-rate-limit": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/@types/express-rate-limit/-/express-rate-limit-5.1.1.tgz", + "integrity": "sha512-6oMYZBLlhxC5sdcRXXz528QyfGz3zTy9YdHwqlxLfgx5Cd3zwYaUjjPpJcaTtHmRefLi9P8kLBPz2wB7yz4JtQ==", + "dev": true, + "requires": { + "@types/express": "*" + } + }, "@types/express-serve-static-core": { "version": "4.17.13", "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.13.tgz",
@@ -955,6 +964,11 @@ "lodash.set": "^4.0.0" } }, + "express-rate-limit": { + "version": "5.2.3", + "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-5.2.3.tgz", + "integrity": "sha512-cjQH+oDrEPXxc569XvxhHC6QXqJiuBT6BhZ70X3bdAImcnHnTNMVuMAJaT0TXPoRiEErUrVPRcOTpZpM36VbOQ==" + }, "express-unless": { "version": "0.3.1", "resolved": "https://registry.npmjs.org/express-unless/-/express-unless-0.3.1.tgz",
diff --git a/package.json b/package.json
index 3c2e9fd..31070f0 100644
--- a/package.json
+++ b/package.json
@@ -21,11 +21,12 @@
 "devDependencies": {
 "@colyseus/loadtest": "^0.14.0",
 "@types/cors": "^2.8.6",
+ "@types/debug": "^4.1.5",
 "@types/express": "^4.17.1",
+ "@types/express-rate-limit": "^5.1.1",
 "ts-node": "^8.1.0",
 "ts-node-dev": "^1.0.0-pre.63",
- "typescript": "^3.4.5",
- "@types/debug": "^4.1.5"
+ "typescript": "^3.4.5"
 },
 "dependencies": {
 "@colyseus/command": "^0.1.6",
@@ -38,6 +39,7 @@
 "debug": "^4.3.1",
 "express": "^4.16.4",
 "express-jwt": "^5.3.1",
+ "express-rate-limit": "^5.2.3",
 "fs-jetpack": "^4.1.0"
 }
 }
diff --git a/src/index.ts b/src/index.ts
index 842c060..6ae8139 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -3,6 +3,7 @@ import express from "express"; import cors from "cors"; import {RedisPresence, Server} from "colyseus"; import { monitor } from "@colyseus/monitor";
+import rateLimit from "express-rate-limit";
 // import socialRoutes from "@colyseus/social/express" import { GeneralRoom } from "./rooms/GeneralRoom";
@@ -45,6 +46,18 @@ gameServer.define('general_room', GeneralRoom); // register colyseus monitor AFTER registering your room handlers app.use("/colyseus", monitor());
+
+// 限制每2分钟最多连接 max次, 防止恶意的创建空房间
+const apiLimiter = rateLimit({
+ windowMs: 2 * 60 * 1000, // 2 minutes
+ max: 20
+});
+app.use("/matchmake/", apiLimiter);
+
+// 设置反向代理后, 须设置该值
+// see https://expressjs.com/en/guide/behind-proxies.html
+app.set('trust proxy', 1);
+
 gameServer.onShutdown(function () { console.log("master process is being shut down!"); //TODO:: 保存所有数据至db, 重启时恢复
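Review bot: `app.set('trust proxy', 1);` in the second src/index.ts hunk is unconditional, yet the new limiter on `/matchmake/` keys on `req.ip` by default, so the 20-per-2-minutes cap is only as sound as that hop count. If the process can be reached without exactly one proxy in front, Express derives the address from `X-Forwarded-For`, which the caller supplies, and the per-client limit stops being meaningful; with two hops in front, all clients share one address and one bucket. I would take the hop count from deployment configuration, for example `app.set('trust proxy', Number(process.env.TRUST_PROXY_HOPS || 0));` (the variable name is a placeholder), and state the expected topology in the comment. Separately, `rateLimit({...})` is created without a `store`, so counters are held in each process's memory; the file imports `RedisPresence`, which suggests more than one process may run, in which case the effective cap would be 20 per process rather than 20 overall. The `gameServer.onShutdown` callback that follows continues outside the hunk.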