From a962f6cabdea524727af986b8ada0dfe98275ef0 Mon Sep 17 00:00:00 2001
From: mike12345567
Date: Wed, 2 Mar 2022 11:36:30 +0000
Subject: [PATCH] Adding public API rate limiting, with env variable option, defaults to 120 requests per minute.

---
 packages/server/package.json | 1 +
 .../server/src/api/routes/public/index.ts | 13 +++++
 packages/server/src/environment.js | 1 +
 packages/server/yarn.lock | 47 ++++++++++---------
 4 files changed, 41 insertions(+), 21 deletions(-)

diff --git a/packages/server/package.json b/packages/server/package.json
index 43cf9b9dbe..9846d5752c 100644
--- a/packages/server/package.json
+++ b/packages/server/package.json
@@ -111,6 +111,7 @@
     "koa-send": "5.0.0",
     "koa-session": "5.12.0",
     "koa-static": "5.0.0",
+    "koa2-ratelimit": "^1.1.0",
     "lodash": "4.17.21",
     "memorystream": "^0.3.1",
     "mongodb": "3.6.3",
diff --git a/packages/server/src/api/routes/public/index.ts b/packages/server/src/api/routes/public/index.ts
index 7e48e1a6a7..438ef2c1e9 100644
--- a/packages/server/src/api/routes/public/index.ts
+++ b/packages/server/src/api/routes/public/index.ts
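Review bot: The new `koa2-ratelimit` entry uses a caret range (`^1.1.0`) while most of the neighbouring dependencies in this hunk are pinned to exact versions (`"koa-send": "5.0.0"`, `"koa-session": "5.12.0"`, `"koa-static": "5.0.0"`). For a package that sits in front of every public API request, pin it as `"koa2-ratelimit": "1.1.0"` so the resolved version cannot drift on a future `yarn upgrade`. The lockfile hunk further down does record 1.1.0 with an integrity hash, so today's install is reproducible; the exposure is only to later range-satisfying releases.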
@@ -8,18 +8,31 @@ import authorized from "../../../middleware/authorized"
 import { paramResource, paramSubResource } from "../../../middleware/resourceId"
 import { CtxFn } from "./utils/Endpoint"
 import mapperMiddleware from "./middleware/mapper"
+import env from "../../../environment"
+// below imports don't have declaration files
 const Router = require("@koa/router")
+const RateLimit = require("koa2-ratelimit").RateLimit
 const {
   PermissionLevels,
   PermissionTypes,
 } = require("@budibase/backend-core/permissions")
 
 const PREFIX = "/api/public/v1"
+const DEFAULT_API_LIMITING = 120
+
+// rate limiting, allows for 2 requests per second
+const limiter = RateLimit.middleware({
+  interval: { min: 1 },
+  // per ip, per interval
+  max: env.API_RATE_LIMITING || DEFAULT_API_LIMITING,
+})
 
 const publicRouter = new Router({
   prefix: PREFIX,
 })
 
+publicRouter.use(limiter)
+
 function addMiddleware(
   endpoints: any,
   middleware: CtxFn,
diff --git a/packages/server/src/environment.js b/packages/server/src/environment.js
index 7ed8b16b6f..e3e321b795 100644
--- a/packages/server/src/environment.js
+++ b/packages/server/src/environment.js
@@ -45,6 +45,7 @@ module.exports = {
   INTERNAL_API_KEY: process.env.INTERNAL_API_KEY,
   MULTI_TENANCY: process.env.MULTI_TENANCY,
   HTTP_MIGRATIONS: process.env.HTTP_MIGRATIONS,
+  API_RATE_LIMITING: process.env.API_RATE_LIMITING,
   // environment
   NODE_ENV: process.env.NODE_ENV,
   JEST_WORKER_ID: process.env.JEST_WORKER_ID,
diff --git a/packages/server/yarn.lock b/packages/server/yarn.lock
index b91c23776a..ce4213c322 100644
--- a/packages/server/yarn.lock
+++ b/packages/server/yarn.lock
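Review bot: `max` takes `env.API_RATE_LIMITING` straight from `process.env` (the environment.js hunk just re-exports the raw variable), so an operator-supplied value arrives as a string and any non-empty string — `"abc"` included — satisfies the `||`, handing the limiter a non-numeric `max`; parse and validate it before use: `const configured = Number.parseInt(env.API_RATE_LIMITING, 10)` and `max: Number.isFinite(configured) && configured > 0 ? configured : DEFAULT_API_LIMITING`. The comment `// rate limiting, allows for 2 requests per second` overstates what `interval: { min: 1 }` with `max: 120` enforces — a client may spend all 120 requests in the first second of the window — so reword it to `// rate limiting: at most max requests per IP per one-minute window (bursts allowed)`. The limiter is keyed per IP, so if this server runs behind a load balancer without Koa's `proxy` option every caller may share one counter through the proxy's address, and the library's default store is presumably in-process, making the limit per replica rather than global — both are worth confirming against the deployment. `addMiddleware` continues past the end of the hunk.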
@@ -995,10 +995,10 @@ resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39" integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw== -"@budibase/backend-core@^1.0.79-alpha.5": - version "1.0.79-alpha.5" - resolved "https://registry.yarnpkg.com/@budibase/backend-core/-/backend-core-1.0.79-alpha.5.tgz#dac73ccfcd2e6e63415cde6d76e4bf09043dc6b6" - integrity sha512-m7/z55fp+EYVYEAyuQ2K//AcrfgzLBcR4EVjP+rrmbIhGFbLV2ASl5IBg9bcAYp0z2m816skJrY2asx9raWhgw== +"@budibase/backend-core@^1.0.79-alpha.7": + version "1.0.79-alpha.7" + resolved "https://registry.yarnpkg.com/@budibase/backend-core/-/backend-core-1.0.79-alpha.7.tgz#57e8319118b425cc228173d1ec8bf19843e1a417" + integrity sha512-Ao4dR6zwnJa4mYiRyl5lULYm+wsYwOi3sxDIjt5vmurqUL2JTuVUrGt1MAq1N6K11xQpbQQJAFvgfxBgn9aEMg== dependencies: "@techpass/passport-openidconnect" "^0.3.0" aws-sdk "^2.901.0" @@ -1068,7 +1068,7 @@ svelte-flatpickr "^3.2.3" svelte-portal "^1.0.0" -"@budibase/bbui@^1.0.79-alpha.5": +"@budibase/bbui@^1.0.79-alpha.7": version "1.58.13" resolved "https://registry.yarnpkg.com/@budibase/bbui/-/bbui-1.58.13.tgz#59df9c73def2d81c75dcbd2266c52c19db88dbd7" integrity sha512-Zk6CKXdBfKsTVzA1Xs5++shdSSZLfphVpZuKVbjfzkgtuhyH7ruucexuSHEpFsxjW5rEKgKIBoRFzCK5vPvN0w== 
@@ -1080,14 +1080,14 @@ svelte-portal "^1.0.0" turndown "^7.0.0" -"@budibase/client@^1.0.79-alpha.5": - version "1.0.79-alpha.5" - resolved "https://registry.yarnpkg.com/@budibase/client/-/client-1.0.79-alpha.5.tgz#d729858b10e6cd2a506fb63364a0e7ab3149780e" - integrity sha512-OrBErU97YL67GggsLmcD46AUElSgtyFjZdCXi++3s4zaZYZxT4Ix2iFMrnslcpF87bv8xyiSt3vsyCPGKCU5wQ== +"@budibase/client@^1.0.79-alpha.7": + version "1.0.79-alpha.7" + resolved "https://registry.yarnpkg.com/@budibase/client/-/client-1.0.79-alpha.7.tgz#d225ac5bd68fa9ecb81114791e6d931246da9637" + integrity sha512-7faCcIlXyOf660PwpOMCt9/X2liiTuCsPGUpLsJQu2j9CcVZ5vV+au0CX7dtqewtPNuIL0mF3G7ZOpBTvXx4NQ== dependencies: - "@budibase/bbui" "^1.0.79-alpha.5" - "@budibase/frontend-core" "^1.0.79-alpha.5" - "@budibase/string-templates" "^1.0.79-alpha.5" + "@budibase/bbui" "^1.0.79-alpha.7" + "@budibase/frontend-core" "^1.0.79-alpha.7" + "@budibase/string-templates" "^1.0.79-alpha.7" "@spectrum-css/button" "^3.0.3" "@spectrum-css/card" "^3.0.3" "@spectrum-css/divider" "^1.0.3" @@ -1106,12 +1106,12 @@ svelte-flatpickr "^3.1.0" svelte-spa-router "^3.0.5" -"@budibase/frontend-core@^1.0.79-alpha.5": - version "1.0.79-alpha.5" - resolved "https://registry.yarnpkg.com/@budibase/frontend-core/-/frontend-core-1.0.79-alpha.5.tgz#7da5faf83d6cc5a59d8e038c2e9333e27bff35d5" - integrity sha512-5xti0MdKRvNKwYUE5cp4rH8IwLPmuRz39ajck947ut2OWzXV9bt7SXzoKPSSzEGdCBA2DgzJpK3gQWYlqXiJiQ== +"@budibase/frontend-core@^1.0.79-alpha.7": + version "1.0.79-alpha.7" + resolved "https://registry.yarnpkg.com/@budibase/frontend-core/-/frontend-core-1.0.79-alpha.7.tgz#cba8f61932f966dc3f19cc7d5fed45d832ee676e" + integrity sha512-mEspQXLUnjvNcL7QfDN1qIFGRo+AfdcaEq23gKAWXF1R+Byy7VCYDzcowzJY/TT6B4BSq3z6s57z3ILKtqI7zA== dependencies: - "@budibase/bbui" "^1.0.79-alpha.5" + "@budibase/bbui" "^1.0.79-alpha.7" lodash "^4.17.21" svelte "^3.46.2" 
@@ -1158,10 +1158,10 @@ svelte-apexcharts "^1.0.2" svelte-flatpickr "^3.1.0" -"@budibase/string-templates@^1.0.79-alpha.5": - version "1.0.79-alpha.5" - resolved "https://registry.yarnpkg.com/@budibase/string-templates/-/string-templates-1.0.79-alpha.5.tgz#063f5beca7d3b4a9757df77dcf1bd8a442d7522e" - integrity sha512-Rifn1h1Pn53KYCFX6GHmMq+fD4IEnfRXEWrf4RD7cy4TVCYqCIcI84tnzUwibkyuCbpDw4zh0RR0m4nemf7heg== +"@budibase/string-templates@^1.0.79-alpha.7": + version "1.0.79-alpha.7" + resolved "https://registry.yarnpkg.com/@budibase/string-templates/-/string-templates-1.0.79-alpha.7.tgz#3e5235e05f13fe406cae62862110f841788d1bc0" + integrity sha512-wdnk0wi9vuSYY7vimIGV1+i0dSONOBg5deZia8v9O8XM9OmJohLUIkJdMNhhv9OCxyeC53gauaxhVdKeop6kmA== dependencies: "@budibase/handlebars-helpers" "^0.11.8" dayjs "^1.10.4" @@ -8707,6 +8707,11 @@ koa-views@^7.0.1: pretty "^2.0.0" resolve-path "^1.4.0" +koa2-ratelimit@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/koa2-ratelimit/-/koa2-ratelimit-1.1.0.tgz#5ab432fdda7b2d63a4fb1b9a0d994c1264396aff" + integrity sha512-AumRCI8YO9TMF9trVP6j68K5qzi21ajZUOCb5VuPWq9pZw+FHXam275S5P1IDAlZjs1cDFBOAAkhwTdTbVCcsg== + koa@2.7.0: version "2.7.0" resolved "https://registry.yarnpkg.com/koa/-/koa-2.7.0.tgz#7e00843506942b9d82c6cc33749f657c6e5e7adf"