api/src/middleware/rateLimit.ts
Flavio Fois 9458d1e8ad Introduces configurable test database for bug reports
Enables switching between production and testing MySQL databases based on the `ENABLE_TEST_DB` environment variable and an `X-DB-ENV` request header.

Applies this dual database functionality primarily to bug report submission and administration features. New `TESTING_MYSQL_` environment variables are added for defining test database credentials.

Refines HTTP request logging by excluding health checks and admin session validation endpoints to reduce noise. Allows `/health` endpoints to bypass API and Admin key guards.

Temporarily disables HWID-based rate limiting for bug report submissions.
2026-03-02 23:15:15 +01:00


import { Elysia } from "elysia";
import { getPool } from "../db/connection";
import { config } from "../config";
import { Log } from "../logger";
// HWIDs that bypass the HWID rate limit entirely (development testing).
// NOTE(review): these values are committed to source and the HWID is read from
// the request body, so any client that sends one of them is never limited.
// Consider loading the list from deployment configuration and leaving it empty
// in production.
const DEV_EXEMPT_HWIDS: readonly string[] = [
  "95e025d1-7567-462e-9354-ac88b965cd22",
  "50973d98-7dce-4496-9f9a-fee21655d38a",
];
const excludedHwids = new Set<string>(DEV_EXEMPT_HWIDS);
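/**
 * Elysia plugin that applies a fixed-window rate limit keyed on the `hwid`
 * field of the request body, with counters stored in `rate_limit_hwid`.
 *
 * Behaviour:
 * - no `hwid`, or an `hwid` listed in `excludedHwids`: the request is not limited;
 * - `hwid` present but not a string: rejected with 400 before it reaches the DB;
 * - first request / expired window: the counter is (re)started at 1;
 * - `config.rateLimit.max` reached inside the window: rejected with 429.
 *
 * Security notes:
 * - The key is client-supplied. A caller that omits `hwid` or sends a fresh
 *   value per request is not throttled here, so this is not an abuse control
 *   on its own; pair it with a limit on a server-derived key (for example the
 *   client address) where that matters.
 * - Every new `hwid` value creates a row. NOTE(review): bound the accepted
 *   length/format to match the `hwid` column and prune expired rows; neither
 *   the schema nor a cleanup job is visible in this file.
 */
export const hwidRateLimit = new Elysia({
  name: "hwid-rate-limit",
}).onBeforeHandle(
  { as: "scoped" },
  // Suppression kept from the original; the underlying type error is not
  // visible from this file and should be resolved rather than ignored.
  // @ts-ignore
  async ({ body, error }) => {
    const hwid: unknown = (body as { hwid?: unknown } | null | undefined)?.hwid;

    // Returning `undefined` lets the request continue. Elysia uses any other
    // value returned from a beforeHandle hook as the response and skips the
    // route handler, so the "allow" paths must not return an object.
    if (!hwid) {
      // No HWID provided: skip rate limiting (fail-open, see header notes).
      return undefined;
    }
    if (typeof hwid !== "string") {
      // The body is untrusted; never hand arrays/objects to the SQL driver
      // as bind parameters or interpolate them into log lines.
      return error(400, { success: false, message: "Invalid hwid." });
    }
    if (excludedHwids.has(hwid)) {
      return undefined;
    }

    const pool = getPool();
    const windowMs = config.rateLimit.windowHours * 60 * 60 * 1000;
    const now = new Date();

    // Look up the current window for this HWID.
    const [rows] = await pool.execute(
      "SELECT window_start, count FROM rate_limit_hwid WHERE hwid = ?",
      [hwid],
    );
    const entries = rows as { window_start: Date; count: number }[];

    if (entries.length === 0) {
      // First request from this HWID.
      // NOTE(review): two concurrent first requests can both reach this
      // INSERT; whether that produces a duplicate-key error or two rows
      // depends on the table's keys, which are not visible here.
      await pool.execute(
        "INSERT INTO rate_limit_hwid (hwid, window_start, count) VALUES (?, ?, 1)",
        [hwid, now],
      );
      return undefined;
    }

    const entry = entries[0];
    const elapsed = now.getTime() - new Date(entry.window_start).getTime();

    if (elapsed > windowMs) {
      // Window expired: start a new one with this request counted.
      await pool.execute(
        "UPDATE rate_limit_hwid SET window_start = ?, count = 1 WHERE hwid = ?",
        [now, hwid],
      );
      return undefined;
    }

    const reject = () => {
      const retryAfterMin = Math.ceil((windowMs - elapsed) / 60000);
      // Strip control and non-ASCII characters and cap the length so a
      // crafted HWID cannot forge or flood log lines.
      const loggedHwid = hwid.replace(/[^\x20-\x7e]/g, "?").slice(0, 64);
      Log("RATELIMIT", `Rate limit hit hwid=${loggedHwid} count=${entry.count}`);
      return error(429, {
        success: false,
        message: `Rate limit exceeded. Try again in ${retryAfterMin} minutes.`,
      });
    };

    if (entry.count >= config.rateLimit.max) {
      return reject();
    }

    // Increment only while the stored count is still below the limit. Doing
    // the comparison inside the UPDATE closes the check-then-act gap in which
    // parallel requests that all read `max - 1` would each be let through.
    const [result] = await pool.execute(
      "UPDATE rate_limit_hwid SET count = count + 1 WHERE hwid = ? AND count < ?",
      [hwid, config.rateLimit.max],
    );
    // No row changed: a concurrent request took the last slot (or the row was
    // removed meanwhile). Drivers that do not report `affectedRows` fall
    // through to "allow", which matches the previous behaviour.
    if ((result as { affectedRows?: number }).affectedRows === 0) {
      return reject();
    }
    return undefined;
  },
);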