kopia lustrzana https://github.com/c9/core
Allow ratelimiting on keys not in req.params
rodzic
315690a4c2
commit
b269bcbb33
|
@ -9,6 +9,12 @@ module.exports = ratelimit;
|
|||
|
||||
function ratelimit(key, duration, max) {
|
||||
var requests = Object.create(null); // in case there handles like 'constructor'
|
||||
var rootKey = "params";
|
||||
if (/^req\./.test(key)) {
|
||||
rootKey = null;
|
||||
key = key.replace(/^req\./, "");
|
||||
}
|
||||
|
||||
setInterval(function() {
|
||||
Object.keys(requests).forEach(expireRequests);
|
||||
}, Math.min(duration * 0.75, MAX_EXPIRE_INTERVAL));
|
||||
|
@ -38,7 +44,8 @@ function ratelimit(key, duration, max) {
|
|||
}
|
||||
|
||||
return function(req, res, next) {
|
||||
var handle = resolveValue(req.params, key);
|
||||
var root = rootKey ? req[rootKey] : req;
|
||||
var handle = resolveValue(root, key);
|
||||
|
||||
requests[handle] = requests[handle] || [];
|
||||
if (requests[handle].length >= max) {
|
||||
|
|
|
@ -33,16 +33,35 @@ describe("ratelimit", function() {
|
|||
});
|
||||
|
||||
it("Should work with deep keys", function (done) {
|
||||
var limiter = ratelimit("user.id", 10, 1);
|
||||
var limiter = ratelimit("user.id", 100, 1);
|
||||
limiter({params: {user: {id: "hey"}}}, null, function (err) {
|
||||
assert(!err, err);
|
||||
limiter({params: {user: {id: "yay"}}}, null, function (err) {
|
||||
assert(!err, err);
|
||||
done();
|
||||
limiter({params: {user: {id: "hey"}}}, null, function (err) {
|
||||
assert(err);
|
||||
assert.equal(err.code, 429);
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it("Should work with parameters directly on req, if req is specified as the first part of the deep key", function (done) {
|
||||
var limiter = ratelimit("req.user.id", 100, 1);
|
||||
limiter({user: {id: "hey"}}, null, function (err) {
|
||||
assert(!err, err);
|
||||
limiter({user: {id: "yay"}}, null, function (err) {
|
||||
assert(!err, err);
|
||||
limiter({user: {id: "hey"}}, null, function (err) {
|
||||
assert(err);
|
||||
assert.equal(err.code, 429);
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
})
|
||||
|
||||
it("Should work again after a delay", function (done) {
|
||||
var limiter = ratelimit("username", 10, 1);
|
||||
limiter({params: {username: "super"}}, null, function (err) {
|
||||
|
|
Ładowanie…
Reference in New Issue