2025-07-07 16:23:15 -05:00
|
|
|
const { rateLimit, RateLimitRequestHandler } = require('express-rate-limit')
|
|
|
|
|
const Logger = require('../Logger')
|
2025-07-12 10:32:35 -05:00
|
|
|
const requestIp = require('../libs/requestIp')
|
2025-07-07 16:23:15 -05:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Factory for creating authentication rate limiters
|
|
|
|
|
*/
|
|
|
|
|
class RateLimiterFactory {
|
2025-07-12 10:51:07 -05:00
|
|
|
static DEFAULT_WINDOW_MS = 10 * 60 * 1000 // 10 minutes
|
|
|
|
|
static DEFAULT_MAX = 40 // 40 attempts
|
|
|
|
|
|
2025-07-07 16:23:15 -05:00
|
|
|
constructor() {
|
|
|
|
|
this.authRateLimiter = null
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get the authentication rate limiter
|
|
|
|
|
* @returns {RateLimitRequestHandler}
|
|
|
|
|
*/
|
|
|
|
|
getAuthRateLimiter() {
|
|
|
|
|
if (this.authRateLimiter) {
|
|
|
|
|
return this.authRateLimiter
|
|
|
|
|
}
|
|
|
|
|
|
2025-07-12 10:51:07 -05:00
|
|
|
// Disable by setting max to 0
|
|
|
|
|
if (process.env.RATE_LIMIT_AUTH_MAX === '0') {
|
|
|
|
|
this.authRateLimiter = (req, res, next) => next()
|
|
|
|
|
Logger.info(`[RateLimiterFactory] Authentication rate limiting disabled by ENV variable`)
|
|
|
|
|
return this.authRateLimiter
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let windowMs = RateLimiterFactory.DEFAULT_WINDOW_MS
|
2025-07-07 16:23:15 -05:00
|
|
|
if (parseInt(process.env.RATE_LIMIT_AUTH_WINDOW) > 0) {
|
|
|
|
|
windowMs = parseInt(process.env.RATE_LIMIT_AUTH_WINDOW)
|
2025-07-12 10:51:07 -05:00
|
|
|
if (windowMs !== RateLimiterFactory.DEFAULT_WINDOW_MS) {
|
|
|
|
|
Logger.info(`[RateLimiterFactory] Authentication rate limiting window set to ${windowMs}ms by ENV variable`)
|
|
|
|
|
}
|
2025-07-07 16:23:15 -05:00
|
|
|
}
|
|
|
|
|
|
2025-07-12 10:51:07 -05:00
|
|
|
let max = RateLimiterFactory.DEFAULT_MAX
|
2025-07-07 16:23:15 -05:00
|
|
|
if (parseInt(process.env.RATE_LIMIT_AUTH_MAX) > 0) {
|
|
|
|
|
max = parseInt(process.env.RATE_LIMIT_AUTH_MAX)
|
2025-07-12 10:51:07 -05:00
|
|
|
if (max !== RateLimiterFactory.DEFAULT_MAX) {
|
|
|
|
|
Logger.info(`[RateLimiterFactory] Authentication rate limiting max set to ${max} by ENV variable`)
|
|
|
|
|
}
|
2025-07-07 16:23:15 -05:00
|
|
|
}
|
|
|
|
|
|
2025-07-12 10:32:35 -05:00
|
|
|
let message = 'Too many authentication requests'
|
2025-07-07 16:23:15 -05:00
|
|
|
if (process.env.RATE_LIMIT_AUTH_MESSAGE) {
|
|
|
|
|
message = process.env.RATE_LIMIT_AUTH_MESSAGE
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
this.authRateLimiter = rateLimit({
|
|
|
|
|
windowMs,
|
|
|
|
|
max,
|
|
|
|
|
standardHeaders: true,
|
|
|
|
|
legacyHeaders: false,
|
2025-07-12 10:32:35 -05:00
|
|
|
keyGenerator: (req) => {
|
|
|
|
|
// Override keyGenerator to handle proxy IPs
|
|
|
|
|
return requestIp.getClientIp(req) || req.ip
|
|
|
|
|
},
|
2025-07-07 16:23:15 -05:00
|
|
|
handler: (req, res) => {
|
|
|
|
|
const userAgent = req.get('User-Agent') || 'Unknown'
|
|
|
|
|
const endpoint = req.path
|
|
|
|
|
const method = req.method
|
2025-07-12 10:32:35 -05:00
|
|
|
const ip = requestIp.getClientIp(req) || req.ip
|
2025-07-07 16:23:15 -05:00
|
|
|
|
2025-07-12 10:32:35 -05:00
|
|
|
Logger.warn(`[RateLimiter] Rate limit exceeded - IP: ${ip}, Endpoint: ${method} ${endpoint}, User-Agent: ${userAgent}`)
|
2025-07-07 16:23:15 -05:00
|
|
|
|
|
|
|
|
res.status(429).json({
|
2025-07-12 10:32:35 -05:00
|
|
|
error: message
|
2025-07-07 16:23:15 -05:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
Logger.debug(`[RateLimiterFactory] Created auth rate limiter: ${max} attempts per ${windowMs / 1000 / 60} minutes`)
|
|
|
|
|
|
|
|
|
|
return this.authRateLimiter
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
module.exports = new RateLimiterFactory()
|
