1
0
mirror of https://gitlab.com/comunic/comunicapiv2 synced 2024-12-27 22:18:52 +00:00

Ready to implement API limit

This commit is contained in:
Pierre HUBERT 2020-03-25 09:04:04 +01:00
parent d6b5393fe4
commit 78a612048d
3 changed files with 79 additions and 9 deletions

View File

@ -0,0 +1,27 @@
/**
* API limits manager
*
* @author Pierre HUBERT
*/
import { RequestHandler } from "../entities/RequestHandler";
import { Action, APILimitHelper } from "../helpers/APILimitsHelper";
/**
* Trigger query limiter
*
* @param h Request handler
* @param action The action to check
* @param trigger TRUE if the counter has to be increased by one / else it is a simple check
*/
export async function limit_query(h: RequestHandler, action: Action, trigger: boolean) {
// Increment the number of actions / failures done by the user
if(trigger) {
await APILimitHelper.Trigger(h.remoteIP, action)
}
// Check for counter
if(await APILimitHelper.Count(h.remoteIP, action) > 10)
h.error(429, "Too many request. Please try again later.")
}

View File

@ -3,6 +3,8 @@ import { AccountHelper } from "../helpers/AccountHelper";
import { UserHelper } from "../helpers/UserHelper";
import { NewAccount } from "../entities/NewAccount";
import { removeHTMLNodes } from "../utils/StringUtils";
import { limit_query } from "./APILimitsController";
import { Action } from "../helpers/APILimitsHelper";
/**
* Account controller
@ -44,27 +46,29 @@ export class AccountController {
/**
* Attempt to login user
*
* @param handler
* @param h Request handler
*/
public static async LoginUser(handler: RequestHandler) {
public static async LoginUser(h: RequestHandler) {
// Get post data
const email = handler.postEmail("userMail");
const password = handler.postString("userPassword");
const email = h.postEmail("userMail");
const password = h.postString("userPassword");
// TODO : add limits
// Limit request
await limit_query(h, Action.LOGIN_FAILED, false);
// Authenticate user
const tokens = await AccountHelper.LoginUser(email, password, handler.getClientInfo());
const tokens = await AccountHelper.LoginUser(email, password, h.getClientInfo());
if(tokens == null) {
// TODO : add limits
// Trigger limit
await limit_query(h, Action.LOGIN_FAILED, true);
handler.error(401, "Invalid e-mail address / password !");
h.error(401, "Invalid e-mail address / password !");
}
// Success
handler.send({
h.send({
success: "User signed in!",
tokens: {
token1: tokens.token1,

View File

@ -0,0 +1,39 @@
/**
* API Limits helper
*
* This implementation of API limits stores
* the counters inside memory, not in the databas
*
* @author Pierre HUBERT
*/
// Different supported actions
export enum Action {
LOGIN_FAILED = "login_failed",
CREATE_ACCOUNT = "create_account"
}
export class APILimitHelper {
/**
* Trigger the counter (increase it by one)
*
* @param ip Target IP address
* @param action The action to check
*/
public static async Trigger(ip: string, action: Action) {
// TODO : trigger counter
}
/**
* Count the number of actions perfomed by a user
*
* @param ip Target IP address
* @param action The action to check
*/
public static async Count(ip: string, action: Action) : Promise<number> {
// TODO : return count
return 0;
}
}