feat: Message Rate Limiters, Violation Logging, & Ban System 🔨 (#903)
* refactor: require Auth middleware in route index files
* feat: concurrent message limiter
* feat: complete concurrent message limiter with caching
* refactor: SSE response methods separated from handleText
* fix(abortMiddleware): fix req and res order to standard, use endpointOption in req.body
* chore: minor name changes
* refactor: add isUUID condition to saveMessage
* fix(concurrentLimiter): logic correctly handles the max number of concurrent messages and res closing/finalization
* chore: bump keyv and remove console.log from Message
* fix(concurrentLimiter): ensure messages are only saved in later message children
* refactor(concurrentLimiter): use KeyvFile instead, could make other stores configurable in the future
* feat: add denyRequest function for error responses
* feat(utils): add isStringTruthy function
Introduce the isStringTruthy function to the utilities module to check if a string value is a case-insensitive match for 'true'
* feat: add optional message rate limiters by IP and userId
* feat: add optional message rate limiters by IP and userId to edit route
* refactor: rename isStringTruthy to isTrue for brevity
* refactor(getError): use map to make code cleaner
* refactor: use memory for concurrent rate limiter to prevent clearing on startup/exit, add multiple log files, fix error message for concurrent violation
* feat: check if errorMessage is object, stringify if so
* chore: send object to denyRequest which will stringify it
* feat: log excessive requests
* fix(getError): correctly pluralize messages
* refactor(limiters): make type consistent between logs and errorMessage
* refactor(cache): move files out of lib/db into separate cache dir
>> feat: add getLogStores function so Keyv instance is not redundantly created on every violation
feat: separate violation logging to own function with logViolation
* fix: cache/index.js export, properly record userViolations
* refactor(messageLimiters): use new logging method, add logging to registrations
* refactor(logViolation): make userLogs an array of logs per user
* feat: add logging to login limiter
* refactor: pass req as first param to logViolation and record offending IP
* refactor: rename isTrue helper fn to isEnabled
* feat: add simple non_browser check and log violation
* fix: open handles in unit tests, remove KeyvMongo as not used and properly mock global fetch
* chore: adjust nodemon ignore paths to properly ignore logs
* feat: add math helper function for safe use of eval
* refactor(api/convos): use middleware at top of file to avoid redundancy
* feat: add delete all static method for Sessions
* fix: redirect to login on refresh if user is not found, or the session is not found but hasn't expired (ban case)
* refactor(getLogStores): adjust return type
* feat: add ban violation and check ban logic
refactor(logViolation): pass both req and res objects
* feat: add removePorts helper function
* refactor: rename getError to getMessageError and add getLoginError for displaying different login errors
* fix(AuthContext): fix type issue and remove unused code
* refactor(bans): ban by ip and user id, send response based on origin
* chore: add frontend ban messages
* refactor(routes/oauth): add ban check to handler, also consolidate logic to avoid redundancy
* feat: add ban check to AI messaging routes
* feat: add ban check to login/registration
* fix(ci/api): mock KeyvMongo to avoid tests hanging
* docs: update .env.example
> refactor(banViolation): calculate interval rate crossover, early return if duration is invalid
ci(banViolation): add tests to ensure users are only banned when expected
* docs: improve wording for mod system
* feat: add configurable env variables for violation scores
* chore: add jsdoc for uaParser.js
* chore: improve ban text log
* chore: update bun test scripts
* refactor(math.js): add fallback values
* fix(KeyvMongo/banLogs): refactor keyv instances to top of files to avoid memory leaks, refactor ban logic to use getLogStores instead
refactor(getLogStores): get a single log store by type
* fix(ci): refactor tests due to banLogs changes, also make sure to clear and revoke sessions even if ban duration is 0
* fix(banViolation.js): getLogStores import
* feat: handle 500 code error at login
* fix(middleware): handle case where user.id is _id and not just id
* ci: add ban secrets for backend unit tests
* refactor: logout user upon ban
* chore: log session delete message only if deletedCount > 0
* refactor: change default ban duration (2h) and make logic more clear in JSDOC
* fix: login and registration limiters will now return rate limiting error
* fix: userId not parsable as non ObjectId string
* feat: add useTimeout hook to properly clear timeouts when invoking functions within them
refactor(AuthContext): cleanup code by using new hook and defining types in ~/common
* fix: login error message for rate limits
* docs: add info for automated mod system and rate limiters, update other docs accordingly
* chore: bump data-provider version
2023-09-13 10:57:07 -04:00
|
|
|
const banViolation = require('./banViolation');
|
|
|
|
|
|
|
|
|
|
jest.mock('keyv');
|
|
|
|
|
jest.mock('../models/Session');
|
|
|
|
|
// Mocking the getLogStores function
|
|
|
|
|
jest.mock('./getLogStores', () => {
|
|
|
|
|
return jest.fn().mockImplementation(() => {
|
|
|
|
|
const EventEmitter = require('events');
|
2024-04-20 15:02:56 -04:00
|
|
|
const { CacheKeys } = require('librechat-data-provider');
|
feat: Message Rate Limiters, Violation Logging, & Ban System 🔨 (#903)
* refactor: require Auth middleware in route index files
* feat: concurrent message limiter
* feat: complete concurrent message limiter with caching
* refactor: SSE response methods separated from handleText
* fix(abortMiddleware): fix req and res order to standard, use endpointOption in req.body
* chore: minor name changes
* refactor: add isUUID condition to saveMessage
* fix(concurrentLimiter): logic correctly handles the max number of concurrent messages and res closing/finalization
* chore: bump keyv and remove console.log from Message
* fix(concurrentLimiter): ensure messages are only saved in later message children
* refactor(concurrentLimiter): use KeyvFile instead, could make other stores configurable in the future
* feat: add denyRequest function for error responses
* feat(utils): add isStringTruthy function
Introduce the isStringTruthy function to the utilities module to check if a string value is a case-insensitive match for 'true'
* feat: add optional message rate limiters by IP and userId
* feat: add optional message rate limiters by IP and userId to edit route
* refactor: rename isStringTruthy to isTrue for brevity
* refactor(getError): use map to make code cleaner
* refactor: use memory for concurrent rate limiter to prevent clearing on startup/exit, add multiple log files, fix error message for concurrent violation
* feat: check if errorMessage is object, stringify if so
* chore: send object to denyRequest which will stringify it
* feat: log excessive requests
* fix(getError): correctly pluralize messages
* refactor(limiters): make type consistent between logs and errorMessage
* refactor(cache): move files out of lib/db into separate cache dir
>> feat: add getLogStores function so Keyv instance is not redundantly created on every violation
feat: separate violation logging to own function with logViolation
* fix: cache/index.js export, properly record userViolations
* refactor(messageLimiters): use new logging method, add logging to registrations
* refactor(logViolation): make userLogs an array of logs per user
* feat: add logging to login limiter
* refactor: pass req as first param to logViolation and record offending IP
* refactor: rename isTrue helper fn to isEnabled
* feat: add simple non_browser check and log violation
* fix: open handles in unit tests, remove KeyvMongo as not used and properly mock global fetch
* chore: adjust nodemon ignore paths to properly ignore logs
* feat: add math helper function for safe use of eval
* refactor(api/convos): use middleware at top of file to avoid redundancy
* feat: add delete all static method for Sessions
* fix: redirect to login on refresh if user is not found, or the session is not found but hasn't expired (ban case)
* refactor(getLogStores): adjust return type
* feat: add ban violation and check ban logic
refactor(logViolation): pass both req and res objects
* feat: add removePorts helper function
* refactor: rename getError to getMessageError and add getLoginError for displaying different login errors
* fix(AuthContext): fix type issue and remove unused code
* refactor(bans): ban by ip and user id, send response based on origin
* chore: add frontend ban messages
* refactor(routes/oauth): add ban check to handler, also consolidate logic to avoid redundancy
* feat: add ban check to AI messaging routes
* feat: add ban check to login/registration
* fix(ci/api): mock KeyvMongo to avoid tests hanging
* docs: update .env.example
> refactor(banViolation): calculate interval rate crossover, early return if duration is invalid
ci(banViolation): add tests to ensure users are only banned when expected
* docs: improve wording for mod system
* feat: add configurable env variables for violation scores
* chore: add jsdoc for uaParser.js
* chore: improve ban text log
* chore: update bun test scripts
* refactor(math.js): add fallback values
* fix(KeyvMongo/banLogs): refactor keyv instances to top of files to avoid memory leaks, refactor ban logic to use getLogStores instead
refactor(getLogStores): get a single log store by type
* fix(ci): refactor tests due to banLogs changes, also make sure to clear and revoke sessions even if ban duration is 0
* fix(banViolation.js): getLogStores import
* feat: handle 500 code error at login
* fix(middleware): handle case where user.id is _id and not just id
* ci: add ban secrets for backend unit tests
* refactor: logout user upon ban
* chore: log session delete message only if deletedCount > 0
* refactor: change default ban duration (2h) and make logic more clear in JSDOC
* fix: login and registration limiters will now return rate limiting error
* fix: userId not parsable as non ObjectId string
* feat: add useTimeout hook to properly clear timeouts when invoking functions within them
refactor(AuthContext): cleanup code by using new hook and defining types in ~/common
* fix: login error message for rate limits
* docs: add info for automated mod system and rate limiters, update other docs accordingly
* chore: bump data-provider version
2023-09-13 10:57:07 -04:00
|
|
|
const math = require('../server/utils/math');
|
|
|
|
|
const mockGet = jest.fn();
|
|
|
|
|
const mockSet = jest.fn();
|
|
|
|
|
class KeyvMongo extends EventEmitter {
|
|
|
|
|
constructor(url = 'mongodb://127.0.0.1:27017', options) {
|
|
|
|
|
super();
|
|
|
|
|
this.ttlSupport = false;
|
|
|
|
|
url = url ?? {};
|
|
|
|
|
if (typeof url === 'string') {
|
|
|
|
|
url = { url };
|
|
|
|
|
}
|
|
|
|
|
if (url.uri) {
|
|
|
|
|
url = { url: url.uri, ...url };
|
|
|
|
|
}
|
|
|
|
|
this.opts = {
|
|
|
|
|
url,
|
|
|
|
|
collection: 'keyv',
|
|
|
|
|
...url,
|
|
|
|
|
...options,
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
get = mockGet;
|
|
|
|
|
set = mockSet;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return new KeyvMongo('', {
|
2024-04-20 15:02:56 -04:00
|
|
|
namespace: CacheKeys.BANS,
|
feat: Message Rate Limiters, Violation Logging, & Ban System 🔨 (#903)
* refactor: require Auth middleware in route index files
* feat: concurrent message limiter
* feat: complete concurrent message limiter with caching
* refactor: SSE response methods separated from handleText
* fix(abortMiddleware): fix req and res order to standard, use endpointOption in req.body
* chore: minor name changes
* refactor: add isUUID condition to saveMessage
* fix(concurrentLimiter): logic correctly handles the max number of concurrent messages and res closing/finalization
* chore: bump keyv and remove console.log from Message
* fix(concurrentLimiter): ensure messages are only saved in later message children
* refactor(concurrentLimiter): use KeyvFile instead, could make other stores configurable in the future
* feat: add denyRequest function for error responses
* feat(utils): add isStringTruthy function
Introduce the isStringTruthy function to the utilities module to check if a string value is a case-insensitive match for 'true'
* feat: add optional message rate limiters by IP and userId
* feat: add optional message rate limiters by IP and userId to edit route
* refactor: rename isStringTruthy to isTrue for brevity
* refactor(getError): use map to make code cleaner
* refactor: use memory for concurrent rate limiter to prevent clearing on startup/exit, add multiple log files, fix error message for concurrent violation
* feat: check if errorMessage is object, stringify if so
* chore: send object to denyRequest which will stringify it
* feat: log excessive requests
* fix(getError): correctly pluralize messages
* refactor(limiters): make type consistent between logs and errorMessage
* refactor(cache): move files out of lib/db into separate cache dir
>> feat: add getLogStores function so Keyv instance is not redundantly created on every violation
feat: separate violation logging to own function with logViolation
* fix: cache/index.js export, properly record userViolations
* refactor(messageLimiters): use new logging method, add logging to registrations
* refactor(logViolation): make userLogs an array of logs per user
* feat: add logging to login limiter
* refactor: pass req as first param to logViolation and record offending IP
* refactor: rename isTrue helper fn to isEnabled
* feat: add simple non_browser check and log violation
* fix: open handles in unit tests, remove KeyvMongo as not used and properly mock global fetch
* chore: adjust nodemon ignore paths to properly ignore logs
* feat: add math helper function for safe use of eval
* refactor(api/convos): use middleware at top of file to avoid redundancy
* feat: add delete all static method for Sessions
* fix: redirect to login on refresh if user is not found, or the session is not found but hasn't expired (ban case)
* refactor(getLogStores): adjust return type
* feat: add ban violation and check ban logic
refactor(logViolation): pass both req and res objects
* feat: add removePorts helper function
* refactor: rename getError to getMessageError and add getLoginError for displaying different login errors
* fix(AuthContext): fix type issue and remove unused code
* refactor(bans): ban by ip and user id, send response based on origin
* chore: add frontend ban messages
* refactor(routes/oauth): add ban check to handler, also consolidate logic to avoid redundancy
* feat: add ban check to AI messaging routes
* feat: add ban check to login/registration
* fix(ci/api): mock KeyvMongo to avoid tests hanging
* docs: update .env.example
> refactor(banViolation): calculate interval rate crossover, early return if duration is invalid
ci(banViolation): add tests to ensure users are only banned when expected
* docs: improve wording for mod system
* feat: add configurable env variables for violation scores
* chore: add jsdoc for uaParser.js
* chore: improve ban text log
* chore: update bun test scripts
* refactor(math.js): add fallback values
* fix(KeyvMongo/banLogs): refactor keyv instances to top of files to avoid memory leaks, refactor ban logic to use getLogStores instead
refactor(getLogStores): get a single log store by type
* fix(ci): refactor tests due to banLogs changes, also make sure to clear and revoke sessions even if ban duration is 0
* fix(banViolation.js): getLogStores import
* feat: handle 500 code error at login
* fix(middleware): handle case where user.id is _id and not just id
* ci: add ban secrets for backend unit tests
* refactor: logout user upon ban
* chore: log session delete message only if deletedCount > 0
* refactor: change default ban duration (2h) and make logic more clear in JSDOC
* fix: login and registration limiters will now return rate limiting error
* fix: userId not parsable as non ObjectId string
* feat: add useTimeout hook to properly clear timeouts when invoking functions within them
refactor(AuthContext): cleanup code by using new hook and defining types in ~/common
* fix: login error message for rate limits
* docs: add info for automated mod system and rate limiters, update other docs accordingly
* chore: bump data-provider version
2023-09-13 10:57:07 -04:00
|
|
|
ttl: math(process.env.BAN_DURATION, 7200000),
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('banViolation', () => {
|
|
|
|
|
let req, res, errorMessage;
|
|
|
|
|
|
|
|
|
|
beforeEach(() => {
|
|
|
|
|
req = {
|
|
|
|
|
ip: '127.0.0.1',
|
|
|
|
|
cookies: {
|
|
|
|
|
refreshToken: 'someToken',
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
res = {
|
|
|
|
|
clearCookie: jest.fn(),
|
|
|
|
|
};
|
|
|
|
|
errorMessage = {
|
|
|
|
|
type: 'someViolation',
|
|
|
|
|
user_id: '12345',
|
|
|
|
|
prev_count: 0,
|
|
|
|
|
violation_count: 0,
|
|
|
|
|
};
|
|
|
|
|
process.env.BAN_VIOLATIONS = 'true';
|
|
|
|
|
process.env.BAN_DURATION = '7200000'; // 2 hours in ms
|
|
|
|
|
process.env.BAN_INTERVAL = '20';
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
afterEach(() => {
|
|
|
|
|
jest.clearAllMocks();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should not ban if BAN_VIOLATIONS are not enabled', async () => {
|
|
|
|
|
process.env.BAN_VIOLATIONS = 'false';
|
|
|
|
|
await banViolation(req, res, errorMessage);
|
|
|
|
|
expect(errorMessage.ban).toBeFalsy();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should not ban if errorMessage is not provided', async () => {
|
|
|
|
|
await banViolation(req, res, null);
|
|
|
|
|
expect(errorMessage.ban).toBeFalsy();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('[1/3] should ban if violation_count crosses the interval threshold: 19 -> 39', async () => {
|
|
|
|
|
errorMessage.prev_count = 19;
|
|
|
|
|
errorMessage.violation_count = 39;
|
|
|
|
|
await banViolation(req, res, errorMessage);
|
|
|
|
|
expect(errorMessage.ban).toBeTruthy();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('[2/3] should ban if violation_count crosses the interval threshold: 19 -> 20', async () => {
|
|
|
|
|
errorMessage.prev_count = 19;
|
|
|
|
|
errorMessage.violation_count = 20;
|
|
|
|
|
await banViolation(req, res, errorMessage);
|
|
|
|
|
expect(errorMessage.ban).toBeTruthy();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const randomValueAbove = Math.floor(20 + Math.random() * 100);
|
|
|
|
|
it(`[3/3] should ban if violation_count crosses the interval threshold: 19 -> ${randomValueAbove}`, async () => {
|
|
|
|
|
errorMessage.prev_count = 19;
|
|
|
|
|
errorMessage.violation_count = randomValueAbove;
|
|
|
|
|
await banViolation(req, res, errorMessage);
|
|
|
|
|
expect(errorMessage.ban).toBeTruthy();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should handle invalid BAN_INTERVAL and default to 20', async () => {
|
|
|
|
|
process.env.BAN_INTERVAL = 'invalid';
|
|
|
|
|
errorMessage.prev_count = 19;
|
|
|
|
|
errorMessage.violation_count = 39;
|
|
|
|
|
await banViolation(req, res, errorMessage);
|
|
|
|
|
expect(errorMessage.ban).toBeTruthy();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should ban if BAN_DURATION is invalid as default is 2 hours', async () => {
|
|
|
|
|
process.env.BAN_DURATION = 'invalid';
|
|
|
|
|
errorMessage.prev_count = 19;
|
|
|
|
|
errorMessage.violation_count = 39;
|
|
|
|
|
await banViolation(req, res, errorMessage);
|
|
|
|
|
expect(errorMessage.ban).toBeTruthy();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should not ban if BAN_DURATION is 0 but should clear cookies', async () => {
|
|
|
|
|
process.env.BAN_DURATION = '0';
|
|
|
|
|
errorMessage.prev_count = 19;
|
|
|
|
|
errorMessage.violation_count = 39;
|
|
|
|
|
await banViolation(req, res, errorMessage);
|
|
|
|
|
expect(res.clearCookie).toHaveBeenCalledWith('refreshToken');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should not ban if violation_count does not change', async () => {
|
|
|
|
|
errorMessage.prev_count = 0;
|
|
|
|
|
errorMessage.violation_count = 0;
|
|
|
|
|
await banViolation(req, res, errorMessage);
|
|
|
|
|
expect(errorMessage.ban).toBeFalsy();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('[1/2] should not ban if violation_count does not cross the interval threshold: 0 -> 19', async () => {
|
|
|
|
|
errorMessage.prev_count = 0;
|
|
|
|
|
errorMessage.violation_count = 19;
|
|
|
|
|
await banViolation(req, res, errorMessage);
|
|
|
|
|
expect(errorMessage.ban).toBeFalsy();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const randomValueUnder = Math.floor(1 + Math.random() * 19);
|
|
|
|
|
it(`[2/2] should not ban if violation_count does not cross the interval threshold: 0 -> ${randomValueUnder}`, async () => {
|
|
|
|
|
errorMessage.prev_count = 0;
|
|
|
|
|
errorMessage.violation_count = randomValueUnder;
|
|
|
|
|
await banViolation(req, res, errorMessage);
|
|
|
|
|
expect(errorMessage.ban).toBeFalsy();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('[EDGE CASE] should not ban if violation_count is lower', async () => {
|
|
|
|
|
errorMessage.prev_count = 0;
|
|
|
|
|
errorMessage.violation_count = -10;
|
|
|
|
|
await banViolation(req, res, errorMessage);
|
|
|
|
|
expect(errorMessage.ban).toBeFalsy();
|
|
|
|
|
});
|
|
|
|
|
});
|