-
Notifications
You must be signed in to change notification settings - Fork 11
/
ThrottleRequests.js
100 lines (88 loc) · 2.83 KB
/
ThrottleRequests.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
'use strict'
/**
* adonis-throttle
*
* (c) Ron Masas <ronmasas@gmail.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
const Crypto = require('crypto')
const TooManyRequestsException = require('../src/Exceptions/TooManyRequests')
class ThrottleRequests {
constructor(throttle) {
this.throttle = throttle
}
/**
*
* Handle an incoming request.
*
* @param {Request} request
* @param {Response} response
* @param {Function} next
* @param {Number} maxAttempts [optional, default = 60]
* @param {Number} decayInSeconds [optional, default = 1]
* @param {String} uid
* @return {Response|Function}
*
* @public
*/
async handle({request, response}, next, [ maxAttempts = 60, decayInSeconds = 60 ], uid = false) {
const signature = this._resolveSignature(request, uid)
this.throttle.resource(signature, parseInt(maxAttempts), parseInt(decayInSeconds))
if (!this.throttle.attempt()) {
this.throttle.incrementExpiration()
this._addHeaders(
response,
maxAttempts,
this.throttle.remainingAttempts(),
this.throttle.store.secondsToExpiration(this.throttle.key)
)
throw new TooManyRequestsException('Too Many Attempts.')
}
this._addHeaders(
response,
maxAttempts,
this.throttle.remainingAttempts()
)
await next()
}
/**
* Resolve signature.
*
* @param {Request} request
* @param {String} uid
* @return {String}
*
* @private
*/
_resolveSignature(request, uid) {
let generator = Crypto.createHash('sha1')
if (uid === false) {
generator.update(`${request.method()}|${request.url()}|${request.ip()}`)
} else {
generator.update(uid)
}
return generator.digest('hex')
}
/**
* Add the limit header information to the given response.
*
* @param {Response} response
* @param {Number} maxAttempts
* @param {Number} remainingAttempts
* @param {Number} retryAfter [optional, default = null]
* @return {void}
*
* @private
*/
_addHeaders(response, maxAttempts, remainingAttempts, retryAfter = null) {
response.header('X-RateLimit-Limit', maxAttempts)
response.header('X-RateLimit-Remaining', remainingAttempts)
if (retryAfter !== null) {
response.header('Retry-After', retryAfter)
response.header('X-RateLimit-Reset', new Date().getTime() + (retryAfter * 1000))
}
}
}
module.exports = ThrottleRequests