merge: simpler RateLimitService, might help with the leaks (!627)

View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/627

Approved-by: Julia <julia@insertdomain.name>
Approved-by: Marie <github@yuugi.dev>
Approved-by: Tess K <me@thvxl.se>
Approved-by: fEmber <acomputerdog@gmail.com>
Julia 2024-09-23 16:51:39 +00:00
commit 30c1c7c24d
4 changed files with 36 additions and 79 deletions


@ -120,9 +120,9 @@
"file-type": "19.3.0", "file-type": "19.3.0",
"fluent-ffmpeg": "2.1.3", "fluent-ffmpeg": "2.1.3",
"form-data": "4.0.0", "form-data": "4.0.0",
"glob": "10.3.10", "glob": "11.0.0",
"got": "14.4.2", "got": "14.4.2",
"happy-dom": "15.6.1", "happy-dom": "15.7.4",
"hpagent": "1.2.0", "hpagent": "1.2.0",
"htmlescape": "1.1.1", "htmlescape": "1.1.1",
"http-link-header": "1.1.3", "http-link-header": "1.1.3",


@ -64,15 +64,6 @@ export class ApiCallService implements OnApplicationShutdown {
let statusCode = err.httpStatusCode; let statusCode = err.httpStatusCode;
if (err.httpStatusCode === 401) { if (err.httpStatusCode === 401) {
reply.header('WWW-Authenticate', 'Bearer realm="Misskey"'); reply.header('WWW-Authenticate', 'Bearer realm="Misskey"');
} else if (err.kind === 'client') {
reply.header('WWW-Authenticate', `Bearer realm="Misskey", error="invalid_request", error_description="${err.message}"`);
statusCode = statusCode ?? 400;
} else if (err.kind === 'permission') {
// (ROLE_PERMISSION_DENIEDは関係ない)
if (err.code === 'PERMISSION_DENIED') {
reply.header('WWW-Authenticate', `Bearer realm="Misskey", error="insufficient_scope", error_description="${err.message}"`);
}
statusCode = statusCode ?? 403;
} else if (err.code === 'RATE_LIMIT_EXCEEDED') { } else if (err.code === 'RATE_LIMIT_EXCEEDED') {
const info: unknown = err.info; const info: unknown = err.info;
const unixEpochInSeconds = Date.now(); const unixEpochInSeconds = Date.now();
@ -83,6 +74,15 @@ export class ApiCallService implements OnApplicationShutdown {
} else { } else {
this.logger.warn(`rate limit information has unexpected type ${typeof(err.info?.reset)}`); this.logger.warn(`rate limit information has unexpected type ${typeof(err.info?.reset)}`);
} }
} else if (err.kind === 'client') {
reply.header('WWW-Authenticate', `Bearer realm="Misskey", error="invalid_request", error_description="${err.message}"`);
statusCode = statusCode ?? 400;
} else if (err.kind === 'permission') {
// (ROLE_PERMISSION_DENIEDは関係ない)
if (err.code === 'PERMISSION_DENIED') {
reply.header('WWW-Authenticate', `Bearer realm="Misskey", error="insufficient_scope", error_description="${err.message}"`);
}
statusCode = statusCode ?? 403;
} else if (!statusCode) { } else if (!statusCode) {
statusCode = 500; statusCode = 500;
} }
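Review bot: In the relocated `err.kind === 'client'` and `err.code === 'PERMISSION_DENIED'` branches, `err.message` is interpolated into the quoted `error_description` parameter of `WWW-Authenticate` without any filtering. RFC 6750 limits that value to `%x20-21 / %x23-5B / %x5D-7E`, so a message containing `"`, `\` or a control character would give a malformed challenge or a failed header write. Whether any message can carry caller-influenced text is not visible in these hunks. Since the lines are being moved anyway, consider sanitising once before both uses, e.g. `const desc = String(err.message).replace(/[^\x20-\x21\x23-\x5B\x5D-\x7E]/g, '');` and interpolating `desc`. The enclosing error handler starts and ends outside the hunks shown.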


@ -32,18 +32,11 @@ export class RateLimiterService {
@bindThis @bindThis
public limit(limitation: IEndpointMeta['limit'] & { key: NonNullable<string> }, actor: string, factor = 1) { public limit(limitation: IEndpointMeta['limit'] & { key: NonNullable<string> }, actor: string, factor = 1) {
{ return new Promise<void>((ok, reject) => {
if (this.disabled) { if (this.disabled) ok();
return Promise.resolve();
}
// those lines with the "wrong" brace style / indentation are
// done that way so that the *other* lines stay identical to
// Misskey, simplifying merges
// Short-term limit // Short-term limit
// eslint-disable-next-line brace-style const minP = (): void => {
const minP = () => { return new Promise<void>((ok, reject) => {
const minIntervalLimiter = new Limiter({ const minIntervalLimiter = new Limiter({
id: `${actor}:${limitation.key}:min`, id: `${actor}:${limitation.key}:min`,
duration: limitation.minInterval! * factor, duration: limitation.minInterval! * factor,
@ -62,18 +55,16 @@ export class RateLimiterService {
return reject({ code: 'BRIEF_REQUEST_INTERVAL', info }); return reject({ code: 'BRIEF_REQUEST_INTERVAL', info });
} else { } else {
if (hasLongTermLimit) { if (hasLongTermLimit) {
return maxP().then(ok, reject); return maxP();
} else { } else {
return ok(); return ok();
} }
} }
}); });
// eslint-disable-next-line brace-style };
}); };
// Long term limit // Long term limit
// eslint-disable-next-line brace-style const maxP = (): void => {
const maxP = () => { return new Promise<void>((ok, reject) => {
const limiter = new Limiter({ const limiter = new Limiter({
id: `${actor}:${limitation.key}`, id: `${actor}:${limitation.key}`,
duration: limitation.duration! * factor, duration: limitation.duration! * factor,
@ -94,8 +85,7 @@ export class RateLimiterService {
return ok(); return ok();
} }
}); });
// eslint-disable-next-line brace-style };
}); };
const hasShortTermLimit = typeof limitation.minInterval === 'number'; const hasShortTermLimit = typeof limitation.minInterval === 'number';
@ -104,12 +94,12 @@ export class RateLimiterService {
typeof limitation.max === 'number'; typeof limitation.max === 'number';
if (hasShortTermLimit) { if (hasShortTermLimit) {
return minP(); minP();
} else if (hasLongTermLimit) { } else if (hasLongTermLimit) {
return maxP(); maxP();
} else { } else {
return Promise.resolve(); ok();
} }
} });
} }
} }
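Review bot: `if (this.disabled) ok();` at the top of the new promise executor resolves the promise but does not stop execution, whereas the removed code returned `Promise.resolve()` at that point. With the limiter disabled, control still reaches the `hasShortTermLimit` / `hasLongTermLimit` dispatch and constructs a `Limiter` in `minP()` or `maxP()`, presumably also querying its backing store. Any later `reject(...)` is silently dropped because the promise is already settled, so limiter errors in that mode go unnoticed. Suggest `if (this.disabled) { ok(); return; }`. Parts of `limit`'s body, including the limiter callbacks, fall between the visible hunks and could not be checked here.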


@ -251,14 +251,14 @@ importers:
specifier: 4.0.0 specifier: 4.0.0
version: 4.0.0 version: 4.0.0
glob: glob:
specifier: 10.3.10 specifier: 11.0.0
version: 10.3.10 version: 11.0.0
got: got:
specifier: 14.4.2 specifier: 14.4.2
version: 14.4.2 version: 14.4.2
happy-dom: happy-dom:
specifier: 15.6.1 specifier: 15.7.4
version: 15.6.1 version: 15.7.4
hpagent: hpagent:
specifier: 1.2.0 specifier: 1.2.0
version: 1.2.0 version: 1.2.0
@ -7580,11 +7580,6 @@ packages:
engines: {node: '>=16 || 14 >=14.17'} engines: {node: '>=16 || 14 >=14.17'}
hasBin: true hasBin: true
glob@10.4.2:
resolution: {integrity: sha512-GwMlUF6PkPo3Gk21UxkCohOv0PLcIXVtKyLlpEI28R/cO/4eNOdmLk3CMW1wROV/WR/EsZOWAfBbBOqYvs88/w==}
engines: {node: '>=16 || 14 >=14.18'}
hasBin: true
glob@11.0.0: glob@11.0.0:
resolution: {integrity: sha512-9UiX/Bl6J2yaBbxKoEBRm4Cipxgok8kQYcOPEhScPwebu2I0HoQOuYdIO6S3hLuWoZgpDpwQZMzTFxgpkyT76g==} resolution: {integrity: sha512-9UiX/Bl6J2yaBbxKoEBRm4Cipxgok8kQYcOPEhScPwebu2I0HoQOuYdIO6S3hLuWoZgpDpwQZMzTFxgpkyT76g==}
engines: {node: 20 || >=22} engines: {node: 20 || >=22}
@ -7671,8 +7666,8 @@ packages:
happy-dom@10.0.3: happy-dom@10.0.3:
resolution: {integrity: sha512-WkCP+Z5fX6U5PY+yHP3ElV5D9PoxRAHRWPFq3pG9rg/6Hjf5ak7dozAgSCywsTRUq2qfa8vV8OQvUy5pRXy8EQ==} resolution: {integrity: sha512-WkCP+Z5fX6U5PY+yHP3ElV5D9PoxRAHRWPFq3pG9rg/6Hjf5ak7dozAgSCywsTRUq2qfa8vV8OQvUy5pRXy8EQ==}
happy-dom@15.6.1: happy-dom@15.7.4:
resolution: {integrity: sha512-dsMHLsJHZYhXeExP47B2siAfKNVxptlwFss3/bq/9sG3iBt0P2WYFBq68JgMR5vB5gsN2Ev0feTTPD/+rosUNQ==} resolution: {integrity: sha512-r1vadDYGMtsHAAsqhDuk4IpPvr6N8MGKy5ntBo7tSdim+pWDxus2PNqOcOt8LuDZ4t3KJHE+gCuzupcx/GKnyQ==}
engines: {node: '>=18.0.0'} engines: {node: '>=18.0.0'}
hard-rejection@2.1.0: hard-rejection@2.1.0:
@ -7902,6 +7897,7 @@ packages:
inflight@1.0.6: inflight@1.0.6:
resolution: {integrity: sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==} resolution: {integrity: sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==}
deprecated: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
inherits@2.0.4: inherits@2.0.4:
resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==} resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==}
@ -8220,10 +8216,6 @@ packages:
resolution: {integrity: sha512-N3yCS/NegsOBokc8GAdM8UcmfsKiSS8cipheD/nivzr700H+nsMOxJjQnvwOcRYVuFkdH0wGUvW2WbXGmrZGbQ==} resolution: {integrity: sha512-N3yCS/NegsOBokc8GAdM8UcmfsKiSS8cipheD/nivzr700H+nsMOxJjQnvwOcRYVuFkdH0wGUvW2WbXGmrZGbQ==}
engines: {node: '>=14'} engines: {node: '>=14'}
jackspeak@3.4.0:
resolution: {integrity: sha512-JVYhQnN59LVPFCEcVa2C3CrEKYacvjRfqIQl+h8oi91aLYQVWRYbxjPcv1bUiUy/kLmQaANrYfNMCO3kuEDHfw==}
engines: {node: '>=14'}
jackspeak@4.0.1: jackspeak@4.0.1:
resolution: {integrity: sha512-cub8rahkh0Q/bw1+GxP7aeSe29hHHn2V4m29nnDlvCdlgU+3UGxkZp7Z53jLUdpX3jdTO0nJZUDl3xvbWc2Xog==} resolution: {integrity: sha512-cub8rahkh0Q/bw1+GxP7aeSe29hHHn2V4m29nnDlvCdlgU+3UGxkZp7Z53jLUdpX3jdTO0nJZUDl3xvbWc2Xog==}
engines: {node: 20 || >=22} engines: {node: 20 || >=22}
@ -9538,10 +9530,6 @@ packages:
resolution: {integrity: sha512-MkhCqzzBEpPvxxQ71Md0b1Kk51W01lrYvlMzSUaIzNsODdd7mqhiimSZlr+VegAz5Z6Vzt9Xg2ttE//XBhH3EQ==} resolution: {integrity: sha512-MkhCqzzBEpPvxxQ71Md0b1Kk51W01lrYvlMzSUaIzNsODdd7mqhiimSZlr+VegAz5Z6Vzt9Xg2ttE//XBhH3EQ==}
engines: {node: '>=16 || 14 >=14.17'} engines: {node: '>=16 || 14 >=14.17'}
path-scurry@1.11.1:
resolution: {integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==}
engines: {node: '>=16 || 14 >=14.18'}
path-scurry@2.0.0: path-scurry@2.0.0:
resolution: {integrity: sha512-ypGJsmGtdXUOeM5u93TyeIEfEhM6s+ljAhrk5vAvSx8uyY/02OvrZnA0YNGUrPXfpJMgI1ODd3nwz8Npx4O4cg==} resolution: {integrity: sha512-ypGJsmGtdXUOeM5u93TyeIEfEhM6s+ljAhrk5vAvSx8uyY/02OvrZnA0YNGUrPXfpJMgI1ODd3nwz8Npx4O4cg==}
engines: {node: 20 || >=22} engines: {node: 20 || >=22}
@ -11121,7 +11109,6 @@ packages:
ts-case-convert@2.0.2: ts-case-convert@2.0.2:
resolution: {integrity: sha512-vdKfx1VAdpvEBOBv5OpVu5ZFqRg9HdTI4sYt6qqMeICBeNyXvitrarCnFWNDAki51IKwCyx+ZssY46Q9jH5otA==} resolution: {integrity: sha512-vdKfx1VAdpvEBOBv5OpVu5ZFqRg9HdTI4sYt6qqMeICBeNyXvitrarCnFWNDAki51IKwCyx+ZssY46Q9jH5otA==}
bundledDependencies: []
ts-dedent@2.2.0: ts-dedent@2.2.0:
resolution: {integrity: sha512-q5W7tVM71e2xjHZTlgfTDoPF/SmqKG5hddq9SzR49CH2hayqRKJtQ4mtRlSxKaJlR/+9rEM+mnBHf7I2/BQcpQ==} resolution: {integrity: sha512-q5W7tVM71e2xjHZTlgfTDoPF/SmqKG5hddq9SzR49CH2hayqRKJtQ4mtRlSxKaJlR/+9rEM+mnBHf7I2/BQcpQ==}
@ -11633,8 +11620,8 @@ packages:
vue-component-type-helpers@2.0.29: vue-component-type-helpers@2.0.29:
resolution: {integrity: sha512-58i+ZhUAUpwQ+9h5Hck0D+jr1qbYl4voRt5KffBx8qzELViQ4XdT/Tuo+mzq8u63teAG8K0lLaOiL5ofqW38rg==} resolution: {integrity: sha512-58i+ZhUAUpwQ+9h5Hck0D+jr1qbYl4voRt5KffBx8qzELViQ4XdT/Tuo+mzq8u63teAG8K0lLaOiL5ofqW38rg==}
vue-component-type-helpers@2.1.2: vue-component-type-helpers@2.1.6:
resolution: {integrity: sha512-URuxnrOhO9lUG4LOAapGWBaa/WOLDzzyAbL+uKZqT7RS+PFy0cdXI2mUSh7GaMts6vtHaeVbGk7trd0FPJi65Q==} resolution: {integrity: sha512-ng11B8B/ZADUMMOsRbqv0arc442q7lifSubD0v8oDXIFoMg/mXwAPUunrroIDkY+mcD0dHKccdaznSVp8EoX3w==}
vue-demi@0.14.7: vue-demi@0.14.7:
resolution: {integrity: sha512-EOG8KXDQNwkJILkx/gPcoL/7vH+hORoBaKgGe+6W7VFMvCYJfmF2dGbvgDroVnI8LU7/kTu8mbjRZGBU1z9NTA==} resolution: {integrity: sha512-EOG8KXDQNwkJILkx/gPcoL/7vH+hORoBaKgGe+6W7VFMvCYJfmF2dGbvgDroVnI8LU7/kTu8mbjRZGBU1z9NTA==}
@ -14082,7 +14069,7 @@ snapshots:
content-disposition: 0.5.4 content-disposition: 0.5.4
fastify-plugin: 4.5.0 fastify-plugin: 4.5.0
fastq: 1.17.1 fastq: 1.17.1
glob: 10.4.2 glob: 10.3.10
'@fastify/view@8.2.0': '@fastify/view@8.2.0':
dependencies: dependencies:
@ -16281,7 +16268,7 @@ snapshots:
ts-dedent: 2.2.0 ts-dedent: 2.2.0
type-fest: 2.19.0 type-fest: 2.19.0
vue: 3.4.37(typescript@5.5.4) vue: 3.4.37(typescript@5.5.4)
vue-component-type-helpers: 2.1.2 vue-component-type-helpers: 2.1.6
transitivePeerDependencies: transitivePeerDependencies:
- encoding - encoding
- prettier - prettier
@ -16300,7 +16287,7 @@ snapshots:
ts-dedent: 2.2.0 ts-dedent: 2.2.0
type-fest: 2.19.0 type-fest: 2.19.0
vue: 3.4.37(typescript@5.5.4) vue: 3.4.37(typescript@5.5.4)
vue-component-type-helpers: 2.1.2 vue-component-type-helpers: 2.1.6
'@swc/cli@0.3.12(@swc/core@1.6.6)(chokidar@3.5.3)': '@swc/cli@0.3.12(@swc/core@1.6.6)(chokidar@3.5.3)':
dependencies: dependencies:
@ -20034,15 +20021,6 @@ snapshots:
minipass: 7.0.4 minipass: 7.0.4
path-scurry: 1.10.1 path-scurry: 1.10.1
glob@10.4.2:
dependencies:
foreground-child: 3.1.1
jackspeak: 3.4.0
minimatch: 9.0.4
minipass: 7.1.2
package-json-from-dist: 1.0.0
path-scurry: 1.11.1
glob@11.0.0: glob@11.0.0:
dependencies: dependencies:
foreground-child: 3.1.1 foreground-child: 3.1.1
@ -20179,7 +20157,7 @@ snapshots:
whatwg-encoding: 2.0.0 whatwg-encoding: 2.0.0
whatwg-mimetype: 3.0.0 whatwg-mimetype: 3.0.0
happy-dom@15.6.1: happy-dom@15.7.4:
dependencies: dependencies:
entities: 4.5.0 entities: 4.5.0
webidl-conversions: 7.0.0 webidl-conversions: 7.0.0
@ -20694,12 +20672,6 @@ snapshots:
optionalDependencies: optionalDependencies:
'@pkgjs/parseargs': 0.11.0 '@pkgjs/parseargs': 0.11.0
jackspeak@3.4.0:
dependencies:
'@isaacs/cliui': 8.0.2
optionalDependencies:
'@pkgjs/parseargs': 0.11.0
jackspeak@4.0.1: jackspeak@4.0.1:
dependencies: dependencies:
'@isaacs/cliui': 8.0.2 '@isaacs/cliui': 8.0.2
@ -22434,11 +22406,6 @@ snapshots:
lru-cache: 10.2.2 lru-cache: 10.2.2
minipass: 7.0.4 minipass: 7.0.4
path-scurry@1.11.1:
dependencies:
lru-cache: 10.2.2
minipass: 7.1.2
path-scurry@2.0.0: path-scurry@2.0.0:
dependencies: dependencies:
lru-cache: 11.0.0 lru-cache: 11.0.0
@ -24597,7 +24564,7 @@ snapshots:
vue-component-type-helpers@2.0.29: {} vue-component-type-helpers@2.0.29: {}
vue-component-type-helpers@2.1.2: {} vue-component-type-helpers@2.1.6: {}
vue-demi@0.14.7(vue@3.4.37(typescript@5.5.4)): vue-demi@0.14.7(vue@3.4.37(typescript@5.5.4)):
dependencies: dependencies: