2024-05-30 18:39:21 -04:00
|
|
|
const rateLimit = require('express-rate-limit');
|
|
|
|
|
const { ViolationTypes } = require('librechat-data-provider');
|
🚦 fix: ERR_ERL_INVALID_IP_ADDRESS and IPv6 Key Collisions in IP Rate Limiters (#12319)
* fix: Add removePorts keyGenerator to all IP-based rate limiters
Six IP-based rate limiters are missing the `keyGenerator: removePorts`
option that is already used by the auth-related limiters (login,
register, resetPassword, verifyEmail). Without it, reverse proxies that
include ports in X-Forwarded-For headers cause
ERR_ERL_INVALID_IP_ADDRESS errors from express-rate-limit.
Fixes #12318
* fix: make removePorts IPv6-safe to prevent rate-limit key collisions
The original regex `/:\d+[^:]*$/` treated the last colon-delimited
segment of bare IPv6 addresses as a port, mangling valid IPs
(e.g. `::1` → `::`, `2001:db8::1` → `2001:db8::`). Distinct IPv6
clients could collapse into the same rate-limit bucket.
Use `net.isIP()` as a fast path for already-valid IPs, then match
bracketed IPv6+port and IPv4+port explicitly. Bare IPv6 addresses
are now returned unchanged.
Also fixes pre-existing property ordering inconsistency in
ttsLimiters.js userLimiterOptions (keyGenerator before store).
* refactor: move removePorts to packages/api as TypeScript, fix import order
- Move removePorts implementation to packages/api/src/utils/removePorts.ts
with proper Express Request typing
- Reduce api/server/utils/removePorts.js to a thin re-export from
@librechat/api for backward compatibility
- Consolidate removePorts import with limiterCache from @librechat/api
in all 6 limiter files, fixing import order (package imports shortest
to longest, local imports longest to shortest)
- Remove narrating inline comments per code style guidelines
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
2026-03-19 21:48:03 -04:00
|
|
|
const { limiterCache, removePorts } = require('@librechat/api');
|
2024-05-30 18:39:21 -04:00
|
|
|
const logViolation = require('~/cache/logViolation');
|
|
|
|
|
|
|
|
|
|
const getEnvironmentVariables = () => {
|
|
|
|
|
const TTS_IP_MAX = parseInt(process.env.TTS_IP_MAX) || 100;
|
|
|
|
|
const TTS_IP_WINDOW = parseInt(process.env.TTS_IP_WINDOW) || 1;
|
|
|
|
|
const TTS_USER_MAX = parseInt(process.env.TTS_USER_MAX) || 50;
|
|
|
|
|
const TTS_USER_WINDOW = parseInt(process.env.TTS_USER_WINDOW) || 1;
|
⚖️ feat: Add Violation Scores (#8304)
- Introduced new violation scores for TTS, STT, Fork, Import, and File Upload actions in the .env.example file.
- Updated logViolation function to accept a score parameter, allowing for dynamic severity levels based on the action type.
- Modified limiters for Fork, Import, Message, STT, TTS, Tool Call, and File Upload to utilize the new violation scores when logging violations.
2025-07-07 17:08:40 -04:00
|
|
|
const TTS_VIOLATION_SCORE = process.env.TTS_VIOLATION_SCORE;
|
2024-05-30 18:39:21 -04:00
|
|
|
|
|
|
|
|
const ttsIpWindowMs = TTS_IP_WINDOW * 60 * 1000;
|
|
|
|
|
const ttsIpMax = TTS_IP_MAX;
|
|
|
|
|
const ttsIpWindowInMinutes = ttsIpWindowMs / 60000;
|
|
|
|
|
|
|
|
|
|
const ttsUserWindowMs = TTS_USER_WINDOW * 60 * 1000;
|
|
|
|
|
const ttsUserMax = TTS_USER_MAX;
|
|
|
|
|
const ttsUserWindowInMinutes = ttsUserWindowMs / 60000;
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
ttsIpWindowMs,
|
|
|
|
|
ttsIpMax,
|
|
|
|
|
ttsIpWindowInMinutes,
|
|
|
|
|
ttsUserWindowMs,
|
|
|
|
|
ttsUserMax,
|
|
|
|
|
ttsUserWindowInMinutes,
|
⚖️ feat: Add Violation Scores (#8304)
- Introduced new violation scores for TTS, STT, Fork, Import, and File Upload actions in the .env.example file.
- Updated logViolation function to accept a score parameter, allowing for dynamic severity levels based on the action type.
- Modified limiters for Fork, Import, Message, STT, TTS, Tool Call, and File Upload to utilize the new violation scores when logging violations.
2025-07-07 17:08:40 -04:00
|
|
|
ttsViolationScore: TTS_VIOLATION_SCORE,
|
2024-05-30 18:39:21 -04:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const createTTSHandler = (ip = true) => {
|
⚖️ feat: Add Violation Scores (#8304)
- Introduced new violation scores for TTS, STT, Fork, Import, and File Upload actions in the .env.example file.
- Updated logViolation function to accept a score parameter, allowing for dynamic severity levels based on the action type.
- Modified limiters for Fork, Import, Message, STT, TTS, Tool Call, and File Upload to utilize the new violation scores when logging violations.
2025-07-07 17:08:40 -04:00
|
|
|
const { ttsIpMax, ttsIpWindowInMinutes, ttsUserMax, ttsUserWindowInMinutes, ttsViolationScore } =
|
2024-05-30 18:39:21 -04:00
|
|
|
getEnvironmentVariables();
|
|
|
|
|
|
|
|
|
|
return async (req, res) => {
|
|
|
|
|
const type = ViolationTypes.TTS_LIMIT;
|
|
|
|
|
const errorMessage = {
|
|
|
|
|
type,
|
|
|
|
|
max: ip ? ttsIpMax : ttsUserMax,
|
|
|
|
|
limiter: ip ? 'ip' : 'user',
|
|
|
|
|
windowInMinutes: ip ? ttsIpWindowInMinutes : ttsUserWindowInMinutes,
|
|
|
|
|
};
|
|
|
|
|
|
⚖️ feat: Add Violation Scores (#8304)
- Introduced new violation scores for TTS, STT, Fork, Import, and File Upload actions in the .env.example file.
- Updated logViolation function to accept a score parameter, allowing for dynamic severity levels based on the action type.
- Modified limiters for Fork, Import, Message, STT, TTS, Tool Call, and File Upload to utilize the new violation scores when logging violations.
2025-07-07 17:08:40 -04:00
|
|
|
await logViolation(req, res, type, errorMessage, ttsViolationScore);
|
2024-05-30 18:39:21 -04:00
|
|
|
res.status(429).json({ message: 'Too many TTS requests. Try again later' });
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const createTTSLimiters = () => {
|
|
|
|
|
const { ttsIpWindowMs, ttsIpMax, ttsUserWindowMs, ttsUserMax } = getEnvironmentVariables();
|
|
|
|
|
|
2025-03-21 14:14:45 -04:00
|
|
|
const ipLimiterOptions = {
|
2024-05-30 18:39:21 -04:00
|
|
|
windowMs: ttsIpWindowMs,
|
|
|
|
|
max: ttsIpMax,
|
|
|
|
|
handler: createTTSHandler(),
|
🚦 fix: ERR_ERL_INVALID_IP_ADDRESS and IPv6 Key Collisions in IP Rate Limiters (#12319)
* fix: Add removePorts keyGenerator to all IP-based rate limiters
Six IP-based rate limiters are missing the `keyGenerator: removePorts`
option that is already used by the auth-related limiters (login,
register, resetPassword, verifyEmail). Without it, reverse proxies that
include ports in X-Forwarded-For headers cause
ERR_ERL_INVALID_IP_ADDRESS errors from express-rate-limit.
Fixes #12318
* fix: make removePorts IPv6-safe to prevent rate-limit key collisions
The original regex `/:\d+[^:]*$/` treated the last colon-delimited
segment of bare IPv6 addresses as a port, mangling valid IPs
(e.g. `::1` → `::`, `2001:db8::1` → `2001:db8::`). Distinct IPv6
clients could collapse into the same rate-limit bucket.
Use `net.isIP()` as a fast path for already-valid IPs, then match
bracketed IPv6+port and IPv4+port explicitly. Bare IPv6 addresses
are now returned unchanged.
Also fixes pre-existing property ordering inconsistency in
ttsLimiters.js userLimiterOptions (keyGenerator before store).
* refactor: move removePorts to packages/api as TypeScript, fix import order
- Move removePorts implementation to packages/api/src/utils/removePorts.ts
with proper Express Request typing
- Reduce api/server/utils/removePorts.js to a thin re-export from
@librechat/api for backward compatibility
- Consolidate removePorts import with limiterCache from @librechat/api
in all 6 limiter files, fixing import order (package imports shortest
to longest, local imports longest to shortest)
- Remove narrating inline comments per code style guidelines
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
2026-03-19 21:48:03 -04:00
|
|
|
keyGenerator: removePorts,
|
2025-07-15 16:24:31 -06:00
|
|
|
store: limiterCache('tts_ip_limiter'),
|
2025-03-21 14:14:45 -04:00
|
|
|
};
|
2024-05-30 18:39:21 -04:00
|
|
|
|
2025-03-21 14:14:45 -04:00
|
|
|
const userLimiterOptions = {
|
2024-05-30 18:39:21 -04:00
|
|
|
windowMs: ttsUserWindowMs,
|
|
|
|
|
max: ttsUserMax,
|
|
|
|
|
handler: createTTSHandler(false),
|
|
|
|
|
keyGenerator: function (req) {
|
🚦 fix: ERR_ERL_INVALID_IP_ADDRESS and IPv6 Key Collisions in IP Rate Limiters (#12319)
* fix: Add removePorts keyGenerator to all IP-based rate limiters
Six IP-based rate limiters are missing the `keyGenerator: removePorts`
option that is already used by the auth-related limiters (login,
register, resetPassword, verifyEmail). Without it, reverse proxies that
include ports in X-Forwarded-For headers cause
ERR_ERL_INVALID_IP_ADDRESS errors from express-rate-limit.
Fixes #12318
* fix: make removePorts IPv6-safe to prevent rate-limit key collisions
The original regex `/:\d+[^:]*$/` treated the last colon-delimited
segment of bare IPv6 addresses as a port, mangling valid IPs
(e.g. `::1` → `::`, `2001:db8::1` → `2001:db8::`). Distinct IPv6
clients could collapse into the same rate-limit bucket.
Use `net.isIP()` as a fast path for already-valid IPs, then match
bracketed IPv6+port and IPv4+port explicitly. Bare IPv6 addresses
are now returned unchanged.
Also fixes pre-existing property ordering inconsistency in
ttsLimiters.js userLimiterOptions (keyGenerator before store).
* refactor: move removePorts to packages/api as TypeScript, fix import order
- Move removePorts implementation to packages/api/src/utils/removePorts.ts
with proper Express Request typing
- Reduce api/server/utils/removePorts.js to a thin re-export from
@librechat/api for backward compatibility
- Consolidate removePorts import with limiterCache from @librechat/api
in all 6 limiter files, fixing import order (package imports shortest
to longest, local imports longest to shortest)
- Remove narrating inline comments per code style guidelines
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
2026-03-19 21:48:03 -04:00
|
|
|
return req.user?.id;
|
2024-05-30 18:39:21 -04:00
|
|
|
},
|
🚦 fix: ERR_ERL_INVALID_IP_ADDRESS and IPv6 Key Collisions in IP Rate Limiters (#12319)
* fix: Add removePorts keyGenerator to all IP-based rate limiters
Six IP-based rate limiters are missing the `keyGenerator: removePorts`
option that is already used by the auth-related limiters (login,
register, resetPassword, verifyEmail). Without it, reverse proxies that
include ports in X-Forwarded-For headers cause
ERR_ERL_INVALID_IP_ADDRESS errors from express-rate-limit.
Fixes #12318
* fix: make removePorts IPv6-safe to prevent rate-limit key collisions
The original regex `/:\d+[^:]*$/` treated the last colon-delimited
segment of bare IPv6 addresses as a port, mangling valid IPs
(e.g. `::1` → `::`, `2001:db8::1` → `2001:db8::`). Distinct IPv6
clients could collapse into the same rate-limit bucket.
Use `net.isIP()` as a fast path for already-valid IPs, then match
bracketed IPv6+port and IPv4+port explicitly. Bare IPv6 addresses
are now returned unchanged.
Also fixes pre-existing property ordering inconsistency in
ttsLimiters.js userLimiterOptions (keyGenerator before store).
* refactor: move removePorts to packages/api as TypeScript, fix import order
- Move removePorts implementation to packages/api/src/utils/removePorts.ts
with proper Express Request typing
- Reduce api/server/utils/removePorts.js to a thin re-export from
@librechat/api for backward compatibility
- Consolidate removePorts import with limiterCache from @librechat/api
in all 6 limiter files, fixing import order (package imports shortest
to longest, local imports longest to shortest)
- Remove narrating inline comments per code style guidelines
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
2026-03-19 21:48:03 -04:00
|
|
|
store: limiterCache('tts_user_limiter'),
|
2025-03-21 14:14:45 -04:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const ttsIpLimiter = rateLimit(ipLimiterOptions);
|
|
|
|
|
const ttsUserLimiter = rateLimit(userLimiterOptions);
|
2024-05-30 18:39:21 -04:00
|
|
|
|
|
|
|
|
return { ttsIpLimiter, ttsUserLimiter };
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
module.exports = createTTSLimiters;
|