use the correct remote address
we're doing the same thing that Fastify does in the non-streaming ServerService
This commit is contained in:
parent
311a31da58
commit
4cd44130e0
@ -156,6 +156,7 @@
|
|||||||
"pkce-challenge": "4.1.0",
|
"pkce-challenge": "4.1.0",
|
||||||
"probe-image-size": "7.2.3",
|
"probe-image-size": "7.2.3",
|
||||||
"promise-limit": "2.7.0",
|
"promise-limit": "2.7.0",
|
||||||
|
"proxy-addr": "^2.0.7",
|
||||||
"pug": "3.0.2",
|
"pug": "3.0.2",
|
||||||
"punycode": "2.3.1",
|
"punycode": "2.3.1",
|
||||||
"qrcode": "1.5.3",
|
"qrcode": "1.5.3",
|
||||||
|
@ -22,6 +22,7 @@ import { ChannelsService } from './stream/ChannelsService.js';
|
|||||||
import { RateLimiterService } from './RateLimiterService.js';
|
import { RateLimiterService } from './RateLimiterService.js';
|
||||||
import { RoleService } from '@/core/RoleService.js';
|
import { RoleService } from '@/core/RoleService.js';
|
||||||
import { getIpHash } from '@/misc/get-ip-hash.js';
|
import { getIpHash } from '@/misc/get-ip-hash.js';
|
||||||
|
import proxyAddr from 'proxy-addr';
|
||||||
import ms from 'ms';
|
import ms from 'ms';
|
||||||
import type * as http from 'node:http';
|
import type * as http from 'node:http';
|
||||||
import type { IEndpointMeta } from './endpoints.js';
|
import type { IEndpointMeta } from './endpoints.js';
|
||||||
@ -69,7 +70,9 @@ export class StreamingApiServerService {
|
|||||||
if (factor <= 0) return false;
|
if (factor <= 0) return false;
|
||||||
|
|
||||||
// Rate limit
|
// Rate limit
|
||||||
return await this.rateLimiterService.limit(limit, limitActor, factor).then(() => { return false }).catch(err => { return true });
|
return await this.rateLimiterService.limit(limit, limitActor, factor)
|
||||||
|
.then(() => { return false; })
|
||||||
|
.catch(err => { return true; });
|
||||||
}
|
}
|
||||||
|
|
||||||
@bindThis
|
@bindThis
|
||||||
@ -85,7 +88,12 @@ export class StreamingApiServerService {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (await this.rateLimitThis(null, request.socket.remoteAddress, {
|
// ServerServices sets `trustProxy: true`, which inside
|
||||||
|
// fastify/request.js ends up calling `proxyAddr` in this way,
|
||||||
|
// so we do the same
|
||||||
|
const requestIp = proxyAddr(request, () => { return true; } );
|
||||||
|
|
||||||
|
if (await this.rateLimitThis(null, requestIp, {
|
||||||
key: 'wsconnect',
|
key: 'wsconnect',
|
||||||
duration: ms('1min'),
|
duration: ms('1min'),
|
||||||
max: 20,
|
max: 20,
|
||||||
@ -134,7 +142,7 @@ export class StreamingApiServerService {
|
|||||||
}
|
}
|
||||||
|
|
||||||
const rateLimiter = () => {
|
const rateLimiter = () => {
|
||||||
return this.rateLimitThis(user, request.socket.remoteAddress, {
|
return this.rateLimitThis(user, requestIp, {
|
||||||
key: 'wsmessage',
|
key: 'wsmessage',
|
||||||
duration: ms('1sec'),
|
duration: ms('1sec'),
|
||||||
max: 100,
|
max: 100,
|
||||||
|
@ -352,6 +352,9 @@ importers:
|
|||||||
promise-limit:
|
promise-limit:
|
||||||
specifier: 2.7.0
|
specifier: 2.7.0
|
||||||
version: 2.7.0
|
version: 2.7.0
|
||||||
|
proxy-addr:
|
||||||
|
specifier: ^2.0.7
|
||||||
|
version: 2.0.7
|
||||||
pug:
|
pug:
|
||||||
specifier: 3.0.2
|
specifier: 3.0.2
|
||||||
version: 3.0.2
|
version: 3.0.2
|
||||||
|
Loading…
Reference in New Issue
Block a user