增加防止恶意创建空房间的机制

2021-01-12 13:41:19 +08:00 · 2021-01-12 13:41:19 +08:00 · 3a6dde6eec
commit 3a6dde6eec
parent f5b591b6f7
3 changed files with 31 additions and 2 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -248,6 +248,15 @@
        "@types/serve-static": "*"
      }
    },
+    "@types/express-rate-limit": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/@types/express-rate-limit/-/express-rate-limit-5.1.1.tgz",
+      "integrity": "sha512-6oMYZBLlhxC5sdcRXXz528QyfGz3zTy9YdHwqlxLfgx5Cd3zwYaUjjPpJcaTtHmRefLi9P8kLBPz2wB7yz4JtQ==",
+      "dev": true,
+      "requires": {
+        "@types/express": "*"
+      }
+    },
    "@types/express-serve-static-core": {
      "version": "4.17.13",
      "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.13.tgz",
@ -955,6 +964,11 @@
        "lodash.set": "^4.0.0"
      }
    },
+    "express-rate-limit": {
+      "version": "5.2.3",
+      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-5.2.3.tgz",
+      "integrity": "sha512-cjQH+oDrEPXxc569XvxhHC6QXqJiuBT6BhZ70X3bdAImcnHnTNMVuMAJaT0TXPoRiEErUrVPRcOTpZpM36VbOQ=="
+    },
    "express-unless": {
      "version": "0.3.1",
      "resolved": "https://registry.npmjs.org/express-unless/-/express-unless-0.3.1.tgz",
--- a/package.json
+++ b/package.json
@ -21,11 +21,12 @@
  "devDependencies": {
    "@colyseus/loadtest": "^0.14.0",
    "@types/cors": "^2.8.6",
+    "@types/debug": "^4.1.5",
    "@types/express": "^4.17.1",
+    "@types/express-rate-limit": "^5.1.1",
    "ts-node": "^8.1.0",
    "ts-node-dev": "^1.0.0-pre.63",
-    "typescript": "^3.4.5",
-    "@types/debug": "^4.1.5"
+    "typescript": "^3.4.5"
  },
  "dependencies": {
    "@colyseus/command": "^0.1.6",
@ -38,6 +39,7 @@
    "debug": "^4.3.1",
    "express": "^4.16.4",
    "express-jwt": "^5.3.1",
+    "express-rate-limit": "^5.2.3",
    "fs-jetpack": "^4.1.0"
  }
 }
--- a/src/index.ts
+++ b/src/index.ts
@ -3,6 +3,7 @@ import express from "express";
 import cors from "cors";
 import {RedisPresence, Server} from "colyseus";
 import { monitor } from "@colyseus/monitor";
+import rateLimit from "express-rate-limit";
 // import socialRoutes from "@colyseus/social/express"

 import { GeneralRoom } from "./rooms/GeneralRoom";
@ -45,6 +46,18 @@ gameServer.define('general_room', GeneralRoom);

 // register colyseus monitor AFTER registering your room handlers
 app.use("/colyseus", monitor());
+
+// 限制每2分钟最多连接 max次, 防止恶意的创建空房间
+const apiLimiter = rateLimit({
+  windowMs: 2 * 60 * 1000, // 2 minutes
+  max: 20
+});
+app.use("/matchmake/", apiLimiter);
+
+// 设置反向代理后, 须设置该值
+// see https://expressjs.com/en/guide/behind-proxies.html
+app.set('trust proxy', 1);
+
 gameServer.onShutdown(function () {
  console.log("master process is being shut down!");
  //TODO:: 保存所有数据至db, 重启时恢复