Initial tests with rate limiting functions

10 years ago · fd88b2453d
parent 2e5fa0fe62
commit fd88b2453d
5 changed files with 51 additions and 7 deletions
--- a/.meteor/packages
+++ b/.meteor/packages
@ -25,6 +25,7 @@ meteor-base
 mobile-experience
 mongo
 random
+rate-limit
 reactive-dict
 reactive-var
 reload
--- a/packages/rocketchat-lib/package.js
+++ b/packages/rocketchat-lib/package.js
@ -8,6 +8,7 @@ Package.describe({
 Package.onUse(function(api) {
 	api.versionsFrom('1.0');

+	api.use('rate-limit');
 	api.use('reactive-var');
 	api.use('reactive-dict');
 	api.use('coffeescript');
@ -30,6 +31,7 @@ Package.onUse(function(api) {
 	api.addFiles('lib/slashCommand.coffee');

 	// SERVER LIB
+	api.addFiles('server/lib/RateLimiter.coffee', 'server');
 	api.addFiles('server/lib/roomTypes.coffee', 'server');

 	// SERVER MODELS
--- a/packages/rocketchat-lib/server/functions/setUsername.coffee
+++ b/packages/rocketchat-lib/server/functions/setUsername.coffee
@ -1,4 +1,10 @@
 RocketChat.setUsername = (user, username) ->
+	unless RocketChat.RateLimiter.check('RocketChat.setUsername', user)
+		return false
+
+	console.log 'RocketChat.setUsername'
+	return true
+
 	username = s.trim username
 	if not user or not username
 		return false
@ -44,3 +50,10 @@ RocketChat.setUsername = (user, username) ->
 	RocketChat.models.Users.setUsername user._id, username
 	user.username = username
 	return user
+
+RocketChat.RateLimiter.addRule
+	type: 'function'
+	name: 'RocketChat.setUsername'
+	params: (user) ->
+		return true
+, 1, 60000
--- a/packages/rocketchat-lib/server/lib/RateLimiter.coffee
+++ b/packages/rocketchat-lib/server/lib/RateLimiter.coffee
@ -0,0 +1,28 @@
+RocketChat.RateLimiter = new class
+	constructor: ->
+		@rateLimiter = new RateLimiter()
+
+	getErrorMessage: (rateLimitResult) ->
+		return "Error, too many requests. Please slow down. You must wait #{Math.ceil(rateLimitResult.timeToReset / 1000)} seconds before trying again."
+
+	addRule: (matcher, numRequests, timeInterval) ->
+		if matcher.type isnt 'function'
+			return DDPRateLimiter.addRule matcher, numRequests, timeInterval
+		else
+			return @rateLimiter.addRule matcher, numRequests, timeInterval
+
+	check: (functionName, params) ->
+		match =
+			type: "function",
+			name: functionName
+			params: params
+
+		@rateLimiter.increment(match)
+
+		rateLimitResult = @rateLimiter.check(match)
+		unless rateLimitResult.allowed
+			console.log @getErrorMessage(rateLimitResult)
+		return rateLimitResult.allowed
+
+	getRules: ->
+		return @rateLimiter.rules
--- a/packages/rocketchat-lib/server/methods/setUsername.coffee
+++ b/packages/rocketchat-lib/server/methods/setUsername.coffee
@ -30,10 +30,10 @@ Meteor.methods
 		return username

 # Limit setting username once per minute
-DDPRateLimiter.addRule
-	type: 'method'
-	name: 'setUsername'
-	userId: (userId) ->
-		# Administrators have permission to change others usernames, so don't limit those
-		return not RocketChat.authz.hasPermission( userId, 'edit-other-user-info')
-, 1, 60000
+# DDPRateLimiter.addRule
+# 	type: 'method'
+# 	name: 'setUsername'
+# 	userId: (userId) ->
+# 		# Administrators have permission to change others usernames, so don't limit those
+# 		return not RocketChat.authz.hasPermission( userId, 'edit-other-user-info')
+# , 1, 60000