LibreChat/api/server/middleware/limiters/sttLimiters.js

const rateLimit = require('express-rate-limit');
const { limiterCache } = require('@librechat/api');
const { ViolationTypes } = require('librechat-data-provider');
const logViolation = require('~/cache/logViolation');

const getEnvironmentVariables = () => {
  const STT_IP_MAX = parseInt(process.env.STT_IP_MAX) || 100;
  const STT_IP_WINDOW = parseInt(process.env.STT_IP_WINDOW) || 1;
  const STT_USER_MAX = parseInt(process.env.STT_USER_MAX) || 50;
  const STT_USER_WINDOW = parseInt(process.env.STT_USER_WINDOW) || 1;
  const STT_VIOLATION_SCORE = process.env.STT_VIOLATION_SCORE;

  const sttIpWindowMs = STT_IP_WINDOW * 60 * 1000;
  const sttIpMax = STT_IP_MAX;
  const sttIpWindowInMinutes = sttIpWindowMs / 60000;

  const sttUserWindowMs = STT_USER_WINDOW * 60 * 1000;
  const sttUserMax = STT_USER_MAX;
  const sttUserWindowInMinutes = sttUserWindowMs / 60000;

  return {
    sttIpWindowMs,
    sttIpMax,
    sttIpWindowInMinutes,
    sttUserWindowMs,
    sttUserMax,
    sttUserWindowInMinutes,
    sttViolationScore: STT_VIOLATION_SCORE,
  };
};

const createSTTHandler = (ip = true) => {
  const { sttIpMax, sttIpWindowInMinutes, sttUserMax, sttUserWindowInMinutes, sttViolationScore } =
    getEnvironmentVariables();

  return async (req, res) => {
    const type = ViolationTypes.STT_LIMIT;
    const errorMessage = {
      type,
      max: ip ? sttIpMax : sttUserMax,
      limiter: ip ? 'ip' : 'user',
      windowInMinutes: ip ? sttIpWindowInMinutes : sttUserWindowInMinutes,
    };

    await logViolation(req, res, type, errorMessage, sttViolationScore);
    res.status(429).json({ message: 'Too many STT requests. Try again later' });
  };
};

const createSTTLimiters = () => {
  const { sttIpWindowMs, sttIpMax, sttUserWindowMs, sttUserMax } = getEnvironmentVariables();

  const ipLimiterOptions = {
    windowMs: sttIpWindowMs,
    max: sttIpMax,
    handler: createSTTHandler(),
    store: limiterCache('stt_ip_limiter'),
  };

  const userLimiterOptions = {
    windowMs: sttUserWindowMs,
    max: sttUserMax,
    handler: createSTTHandler(false),
    keyGenerator: function (req) {
      return req.user?.id; // Use the user ID or NULL if not available
    },
    store: limiterCache('stt_user_limiter'),
  };

  const sttIpLimiter = rateLimit(ipLimiterOptions);
  const sttUserLimiter = rateLimit(userLimiterOptions);

  return { sttIpLimiter, sttUserLimiter };
};

module.exports = createSTTLimiters;
🔉 feat: TTS/STT rate limiters (#2925) * fix: remove double initialization of speech routes * refactor(useMessageHelpers): more consistent latestMessage updates based on unique textKey and early returns when setting * feat: TTS/STT rate limiters * chore: remove console log * fix: make modular chat true by default 2024-05-30 18:39:21 -04:00			`const rateLimit = require('express-rate-limit');`
🔄 refactor: Migrate Cache Logic to TypeScript (#9771) * Refactor: Moved Redis cache infra logic into `packages/api` - Moved cacheFactory and redisClients from `api/cache` into `packages/api/src/cache` so that features in `packages/api` can use cache without importing backward from the backend. - Converted all moved files into TS with proper typing. - Created integration tests to run against actual Redis servers for redisClients and cacheFactory. - Added a GitHub workflow to run integration tests for the cache feature. - Bug fix: keyvRedisClient now implements the PING feature properly. * chore: consolidate imports in getLogStores.js * chore: reorder imports * chore: re-add fs-extra as dev dep. * chore: reorder imports in cacheConfig.ts, cacheFactory.ts, and keyvMongo.ts --------- Co-authored-by: Danny Avila <danny@librechat.ai> 2025-10-02 07:33:58 -06:00			`const { limiterCache } = require('@librechat/api');`
🔉 feat: TTS/STT rate limiters (#2925) * fix: remove double initialization of speech routes * refactor(useMessageHelpers): more consistent latestMessage updates based on unique textKey and early returns when setting * feat: TTS/STT rate limiters * chore: remove console log * fix: make modular chat true by default 2024-05-30 18:39:21 -04:00			`const { ViolationTypes } = require('librechat-data-provider');`
			`const logViolation = require('~/cache/logViolation');`

			`const getEnvironmentVariables = () => {`
			`const STT_IP_MAX = parseInt(process.env.STT_IP_MAX) \|\| 100;`
			`const STT_IP_WINDOW = parseInt(process.env.STT_IP_WINDOW) \|\| 1;`
			`const STT_USER_MAX = parseInt(process.env.STT_USER_MAX) \|\| 50;`
			`const STT_USER_WINDOW = parseInt(process.env.STT_USER_WINDOW) \|\| 1;`
⚖️ feat: Add Violation Scores (#8304) - Introduced new violation scores for TTS, STT, Fork, Import, and File Upload actions in the .env.example file. - Updated logViolation function to accept a score parameter, allowing for dynamic severity levels based on the action type. - Modified limiters for Fork, Import, Message, STT, TTS, Tool Call, and File Upload to utilize the new violation scores when logging violations. 2025-07-07 17:08:40 -04:00			`const STT_VIOLATION_SCORE = process.env.STT_VIOLATION_SCORE;`
🔉 feat: TTS/STT rate limiters (#2925) * fix: remove double initialization of speech routes * refactor(useMessageHelpers): more consistent latestMessage updates based on unique textKey and early returns when setting * feat: TTS/STT rate limiters * chore: remove console log * fix: make modular chat true by default 2024-05-30 18:39:21 -04:00
			`const sttIpWindowMs = STT_IP_WINDOW * 60 * 1000;`
			`const sttIpMax = STT_IP_MAX;`
			`const sttIpWindowInMinutes = sttIpWindowMs / 60000;`

			`const sttUserWindowMs = STT_USER_WINDOW * 60 * 1000;`
			`const sttUserMax = STT_USER_MAX;`
			`const sttUserWindowInMinutes = sttUserWindowMs / 60000;`

			`return {`
			`sttIpWindowMs,`
			`sttIpMax,`
			`sttIpWindowInMinutes,`
			`sttUserWindowMs,`
			`sttUserMax,`
			`sttUserWindowInMinutes,`
⚖️ feat: Add Violation Scores (#8304) - Introduced new violation scores for TTS, STT, Fork, Import, and File Upload actions in the .env.example file. - Updated logViolation function to accept a score parameter, allowing for dynamic severity levels based on the action type. - Modified limiters for Fork, Import, Message, STT, TTS, Tool Call, and File Upload to utilize the new violation scores when logging violations. 2025-07-07 17:08:40 -04:00			`sttViolationScore: STT_VIOLATION_SCORE,`
🔉 feat: TTS/STT rate limiters (#2925) * fix: remove double initialization of speech routes * refactor(useMessageHelpers): more consistent latestMessage updates based on unique textKey and early returns when setting * feat: TTS/STT rate limiters * chore: remove console log * fix: make modular chat true by default 2024-05-30 18:39:21 -04:00			`};`
			`};`

			`const createSTTHandler = (ip = true) => {`
⚖️ feat: Add Violation Scores (#8304) - Introduced new violation scores for TTS, STT, Fork, Import, and File Upload actions in the .env.example file. - Updated logViolation function to accept a score parameter, allowing for dynamic severity levels based on the action type. - Modified limiters for Fork, Import, Message, STT, TTS, Tool Call, and File Upload to utilize the new violation scores when logging violations. 2025-07-07 17:08:40 -04:00			`const { sttIpMax, sttIpWindowInMinutes, sttUserMax, sttUserWindowInMinutes, sttViolationScore } =`
🔉 feat: TTS/STT rate limiters (#2925) * fix: remove double initialization of speech routes * refactor(useMessageHelpers): more consistent latestMessage updates based on unique textKey and early returns when setting * feat: TTS/STT rate limiters * chore: remove console log * fix: make modular chat true by default 2024-05-30 18:39:21 -04:00			`getEnvironmentVariables();`

			`return async (req, res) => {`
			`const type = ViolationTypes.STT_LIMIT;`
			`const errorMessage = {`
			`type,`
			`max: ip ? sttIpMax : sttUserMax,`
			`limiter: ip ? 'ip' : 'user',`
			`windowInMinutes: ip ? sttIpWindowInMinutes : sttUserWindowInMinutes,`
			`};`

⚖️ feat: Add Violation Scores (#8304) - Introduced new violation scores for TTS, STT, Fork, Import, and File Upload actions in the .env.example file. - Updated logViolation function to accept a score parameter, allowing for dynamic severity levels based on the action type. - Modified limiters for Fork, Import, Message, STT, TTS, Tool Call, and File Upload to utilize the new violation scores when logging violations. 2025-07-07 17:08:40 -04:00			`await logViolation(req, res, type, errorMessage, sttViolationScore);`
🔉 feat: TTS/STT rate limiters (#2925) * fix: remove double initialization of speech routes * refactor(useMessageHelpers): more consistent latestMessage updates based on unique textKey and early returns when setting * feat: TTS/STT rate limiters * chore: remove console log * fix: make modular chat true by default 2024-05-30 18:39:21 -04:00			`res.status(429).json({ message: 'Too many STT requests. Try again later' });`
			`};`
			`};`

			`const createSTTLimiters = () => {`
			`const { sttIpWindowMs, sttIpMax, sttUserWindowMs, sttUserMax } = getEnvironmentVariables();`

🛠 feat: Enhance Redis Integration, Rate Limiters & Log Headers (#6462) * feat: Implement Redis-based rate limiting, initially import limits * feat: Enhance rate limiters with Redis support and custom prefixes * chore: import orders * chore: update JSDoc for next middleware parameter type in ban and limiter middleware * feat: add logHeaders middleware to log forwarded headers in requests * refactor: change log level from info to debug for Redis rate limiters * feat: increase Redis max listeners and refactor session storage to use Keyv 2025-03-21 14:14:45 -04:00			`const ipLimiterOptions = {`
🔉 feat: TTS/STT rate limiters (#2925) * fix: remove double initialization of speech routes * refactor(useMessageHelpers): more consistent latestMessage updates based on unique textKey and early returns when setting * feat: TTS/STT rate limiters * chore: remove console log * fix: make modular chat true by default 2024-05-30 18:39:21 -04:00			`windowMs: sttIpWindowMs,`
			`max: sttIpMax,`
			`handler: createSTTHandler(),`
🏦 refactor: Centralize Caching & Redis Key Prefixing (#8457) * 🔧 Overhauled caching feature: - Refactored caching logic. - Fixed redis prefix, namespace, tls, ttl, and cluster. - Added REDIS_KEY_PREFIX_VAR * # refactor: Rename redisCache to standardCache * # Add Redis pinging mechanism to maintain connection. * # docs: Add warning about Keyv Redis client prefix support 2025-07-15 16:24:31 -06:00			`store: limiterCache('stt_ip_limiter'),`
🛠 feat: Enhance Redis Integration, Rate Limiters & Log Headers (#6462) * feat: Implement Redis-based rate limiting, initially import limits * feat: Enhance rate limiters with Redis support and custom prefixes * chore: import orders * chore: update JSDoc for next middleware parameter type in ban and limiter middleware * feat: add logHeaders middleware to log forwarded headers in requests * refactor: change log level from info to debug for Redis rate limiters * feat: increase Redis max listeners and refactor session storage to use Keyv 2025-03-21 14:14:45 -04:00			`};`
🔉 feat: TTS/STT rate limiters (#2925) * fix: remove double initialization of speech routes * refactor(useMessageHelpers): more consistent latestMessage updates based on unique textKey and early returns when setting * feat: TTS/STT rate limiters * chore: remove console log * fix: make modular chat true by default 2024-05-30 18:39:21 -04:00
🛠 feat: Enhance Redis Integration, Rate Limiters & Log Headers (#6462) * feat: Implement Redis-based rate limiting, initially import limits * feat: Enhance rate limiters with Redis support and custom prefixes * chore: import orders * chore: update JSDoc for next middleware parameter type in ban and limiter middleware * feat: add logHeaders middleware to log forwarded headers in requests * refactor: change log level from info to debug for Redis rate limiters * feat: increase Redis max listeners and refactor session storage to use Keyv 2025-03-21 14:14:45 -04:00			`const userLimiterOptions = {`
🔉 feat: TTS/STT rate limiters (#2925) * fix: remove double initialization of speech routes * refactor(useMessageHelpers): more consistent latestMessage updates based on unique textKey and early returns when setting * feat: TTS/STT rate limiters * chore: remove console log * fix: make modular chat true by default 2024-05-30 18:39:21 -04:00			`windowMs: sttUserWindowMs,`
			`max: sttUserMax,`
			`handler: createSTTHandler(false),`
			`keyGenerator: function (req) {`
			`return req.user?.id; // Use the user ID or NULL if not available`
			`},`
🏦 refactor: Centralize Caching & Redis Key Prefixing (#8457) * 🔧 Overhauled caching feature: - Refactored caching logic. - Fixed redis prefix, namespace, tls, ttl, and cluster. - Added REDIS_KEY_PREFIX_VAR * # refactor: Rename redisCache to standardCache * # Add Redis pinging mechanism to maintain connection. * # docs: Add warning about Keyv Redis client prefix support 2025-07-15 16:24:31 -06:00			`store: limiterCache('stt_user_limiter'),`
🛠 feat: Enhance Redis Integration, Rate Limiters & Log Headers (#6462) * feat: Implement Redis-based rate limiting, initially import limits * feat: Enhance rate limiters with Redis support and custom prefixes * chore: import orders * chore: update JSDoc for next middleware parameter type in ban and limiter middleware * feat: add logHeaders middleware to log forwarded headers in requests * refactor: change log level from info to debug for Redis rate limiters * feat: increase Redis max listeners and refactor session storage to use Keyv 2025-03-21 14:14:45 -04:00			`};`

			`const sttIpLimiter = rateLimit(ipLimiterOptions);`
			`const sttUserLimiter = rateLimit(userLimiterOptions);`
🔉 feat: TTS/STT rate limiters (#2925) * fix: remove double initialization of speech routes * refactor(useMessageHelpers): more consistent latestMessage updates based on unique textKey and early returns when setting * feat: TTS/STT rate limiters * chore: remove console log * fix: make modular chat true by default 2024-05-30 18:39:21 -04:00
			`return { sttIpLimiter, sttUserLimiter };`
			`};`

			`module.exports = createSTTLimiters;`