1
0
mirror of https://gitlab.com/comunic/comunicapiv2 synced 2024-11-25 23:09:22 +00:00

Ready to implement API limit

This commit is contained in:
Pierre HUBERT 2020-03-25 09:04:04 +01:00
parent d6b5393fe4
commit 78a612048d
3 changed files with 79 additions and 9 deletions

View File

@ -0,0 +1,27 @@
/**
* API limits manager
*
* @author Pierre HUBERT
*/
import { RequestHandler } from "../entities/RequestHandler";
import { Action, APILimitHelper } from "../helpers/APILimitsHelper";
/**
* Trigger query limiter
*
* @param h Request handler
* @param action The action to check
* @param trigger TRUE if the counter has to be increased by one / else it is a simple check
*/
export async function limit_query(h: RequestHandler, action: Action, trigger: boolean) {
// Increment the number of actions / failures done by the user
if(trigger) {
await APILimitHelper.Trigger(h.remoteIP, action)
}
// Check for counter
if(await APILimitHelper.Count(h.remoteIP, action) > 10)
h.error(429, "Too many request. Please try again later.")
}

View File

@ -3,6 +3,8 @@ import { AccountHelper } from "../helpers/AccountHelper";
import { UserHelper } from "../helpers/UserHelper"; import { UserHelper } from "../helpers/UserHelper";
import { NewAccount } from "../entities/NewAccount"; import { NewAccount } from "../entities/NewAccount";
import { removeHTMLNodes } from "../utils/StringUtils"; import { removeHTMLNodes } from "../utils/StringUtils";
import { limit_query } from "./APILimitsController";
import { Action } from "../helpers/APILimitsHelper";
/** /**
* Account controller * Account controller
@ -44,27 +46,29 @@ export class AccountController {
/** /**
* Attempt to login user * Attempt to login user
* *
* @param handler * @param h Request handler
*/ */
public static async LoginUser(handler: RequestHandler) { public static async LoginUser(h: RequestHandler) {
// Get post data // Get post data
const email = handler.postEmail("userMail"); const email = h.postEmail("userMail");
const password = handler.postString("userPassword"); const password = h.postString("userPassword");
// TODO : add limits // Limit request
await limit_query(h, Action.LOGIN_FAILED, false);
// Authenticate user // Authenticate user
const tokens = await AccountHelper.LoginUser(email, password, handler.getClientInfo()); const tokens = await AccountHelper.LoginUser(email, password, h.getClientInfo());
if(tokens == null) { if(tokens == null) {
// TODO : add limits // Trigger limit
await limit_query(h, Action.LOGIN_FAILED, true);
handler.error(401, "Invalid e-mail address / password !"); h.error(401, "Invalid e-mail address / password !");
} }
// Success // Success
handler.send({ h.send({
success: "User signed in!", success: "User signed in!",
tokens: { tokens: {
token1: tokens.token1, token1: tokens.token1,

View File

@ -0,0 +1,39 @@
/**
* API Limits helper
*
* This implementation of API limits stores
* the counters inside memory, not in the databas
*
* @author Pierre HUBERT
*/
// Different supported actions
export enum Action {
LOGIN_FAILED = "login_failed",
CREATE_ACCOUNT = "create_account"
}
export class APILimitHelper {
/**
* Trigger the counter (increase it by one)
*
* @param ip Target IP address
* @param action The action to check
*/
public static async Trigger(ip: string, action: Action) {
// TODO : trigger counter
}
/**
* Count the number of actions perfomed by a user
*
* @param ip Target IP address
* @param action The action to check
*/
public static async Count(ip: string, action: Action) : Promise<number> {
// TODO : return count
return 0;
}
}