Allow ratelimiting on keys not in req.params

2016-10-26 02:36:37 +00:00 · 2016-10-26 02:36:37 +00:00 · b269bcbb33
commit b269bcbb33
--- a/node_modules/c9/ratelimit.js
+++ b/node_modules/c9/ratelimit.js
@ -9,6 +9,12 @@ module.exports = ratelimit;

 function ratelimit(key, duration, max) {
    var requests = Object.create(null); // in case there handles like 'constructor'
+    var rootKey = "params"; 
+    if (/^req\./.test(key)) {
+        rootKey = null;
+        key = key.replace(/^req\./, "");
+    } 
+    
    setInterval(function() {
        Object.keys(requests).forEach(expireRequests);
    }, Math.min(duration * 0.75, MAX_EXPIRE_INTERVAL));
@ -38,7 +44,8 @@ function ratelimit(key, duration, max) {
    }
    
    return function(req, res, next) {
-        var handle = resolveValue(req.params, key);
+        var root = rootKey ? req[rootKey] : req;
+        var handle = resolveValue(root, key);

        requests[handle] = requests[handle] || [];
        if (requests[handle].length >= max) {
--- a/node_modules/c9/ratelimit_test.js
+++ b/node_modules/c9/ratelimit_test.js
@ -33,16 +33,35 @@ describe("ratelimit", function() {
    });
    
    it("Should work with deep keys", function (done) {
-        var limiter = ratelimit("user.id", 10, 1);
+        var limiter = ratelimit("user.id", 100, 1);
        limiter({params: {user: {id: "hey"}}}, null, function (err) {
            assert(!err, err);
            limiter({params: {user: {id: "yay"}}}, null, function (err) {
                assert(!err, err);
-                done();
+                limiter({params: {user: {id: "hey"}}}, null, function (err) {
+                    assert(err);
+                    assert.equal(err.code, 429);
+                    done();
+                });
            });
        });
    });
    
+    it("Should work with parameters directly on req, if req is specified as the first part of the deep key", function (done) {
+        var limiter = ratelimit("req.user.id", 100, 1);
+        limiter({user: {id: "hey"}}, null, function (err) {
+            assert(!err, err);
+            limiter({user: {id: "yay"}}, null, function (err) {
+                assert(!err, err);
+                limiter({user: {id: "hey"}}, null, function (err) {
+                    assert(err);
+                    assert.equal(err.code, 429);
+                    done();
+                });
+            });
+        });
+    })
+    
    it("Should work again after a delay", function (done) {
        var limiter = ratelimit("username", 10, 1);
        limiter({params: {username: "super"}}, null, function (err) {