feat: Message Rate Limiters, Violation Logging, & Ban System 🔨 (#903)

* refactor: require Auth middleware in route index files

* feat: concurrent message limiter

* feat: complete concurrent message limiter with caching

* refactor: SSE response methods separated from handleText

* fix(abortMiddleware): fix req and res order to standard, use endpointOption in req.body

* chore: minor name changes

* refactor: add isUUID condition to saveMessage

* fix(concurrentLimiter): logic correctly handles the max number of concurrent messages and res closing/finalization

* chore: bump keyv and remove console.log from Message

* fix(concurrentLimiter): ensure messages are only saved in later message children

* refactor(concurrentLimiter): use KeyvFile instead, could make other stores configurable in the future

* feat: add denyRequest function for error responses

* feat(utils): add isStringTruthy function

Introduce the isStringTruthy function to the utilities module to check if a string value is a case-insensitive match for 'true'

* feat: add optional message rate limiters by IP and userId

* feat: add optional message rate limiters by IP and userId to edit route

* refactor: rename isStringTruthy to isTrue for brevity

* refactor(getError): use map to make code cleaner

* refactor: use memory for concurrent rate limiter to prevent clearing on startup/exit, add multiple log files, fix error message for concurrent violation

* feat: check if errorMessage is object, stringify if so

* chore: send object to denyRequest which will stringify it

* feat: log excessive requests

* fix(getError): correctly pluralize messages

* refactor(limiters): make type consistent between logs and errorMessage

* refactor(cache): move files out of lib/db into separate cache dir
>> feat: add getLogStores function so Keyv instance is not redundantly created on every violation
feat: separate violation logging to own function with logViolation

* fix: cache/index.js export, properly record userViolations

* refactor(messageLimiters): use new logging method, add logging to registrations

* refactor(logViolation): make userLogs an array of logs per user

* feat: add logging to login limiter

* refactor: pass req as first param to logViolation and record offending IP

* refactor: rename isTrue helper fn to isEnabled

* feat: add simple non_browser check and log violation

* fix: open handles in unit tests, remove KeyvMongo as not used and properly mock global fetch

* chore: adjust nodemon ignore paths to properly ignore logs

* feat: add math helper function for safe use of eval

* refactor(api/convos): use middleware at top of file to avoid redundancy

* feat: add delete all static method for Sessions

* fix: redirect to login on refresh if user is not found, or the session is not found but hasn't expired (ban case)

* refactor(getLogStores): adjust return type

* feat: add ban violation and check ban logic
refactor(logViolation): pass both req and res objects

* feat: add removePorts helper function

* refactor: rename getError to getMessageError and add getLoginError for displaying different login errors

* fix(AuthContext): fix type issue and remove unused code

* refactor(bans): ban by ip and user id, send response based on origin

* chore: add frontend ban messages

* refactor(routes/oauth): add ban check to handler, also consolidate logic to avoid redundancy

* feat: add ban check to AI messaging routes

* feat: add ban check to login/registration

* fix(ci/api): mock KeyvMongo to avoid tests hanging

* docs: update .env.example
> refactor(banViolation): calculate interval rate crossover, early return if duration is invalid
ci(banViolation): add tests to ensure users are only banned when expected

* docs: improve wording for mod system

* feat: add configurable env variables for violation scores

* chore: add jsdoc for uaParser.js

* chore: improve ban text log

* chore: update bun test scripts

* refactor(math.js): add fallback values

* fix(KeyvMongo/banLogs): refactor keyv instances to top of files to avoid memory leaks, refactor ban logic to use getLogStores instead
refactor(getLogStores): get a single log store by type

* fix(ci): refactor tests due to banLogs changes, also make sure to clear and revoke sessions even if ban duration is 0

* fix(banViolation.js): getLogStores import

* feat: handle 500 code error at login

* fix(middleware): handle case where user.id is _id and not just id

* ci: add ban secrets for backend unit tests

* refactor: logout user upon ban

* chore: log session delete message only if deletedCount > 0

* refactor: change default ban duration (2h) and make logic more clear in JSDOC

* fix: login and registration limiters will now return rate limiting error

* fix: userId not parsable as non ObjectId string

* feat: add useTimeout hook to properly clear timeouts when invoking functions within them
refactor(AuthContext): cleanup code by using new hook and defining types in ~/common

* fix: login error message for rate limits

* docs: add info for automated mod system and rate limiters, update other docs accordingly

* chore: bump data-provider version

api/cache/banViolation.js

@@ -0,0 +1,68 @@
+const Session = require('../models/Session');
+const getLogStores = require('./getLogStores');
+const { isEnabled, math, removePorts } = require('../server/utils');
+const { BAN_VIOLATIONS, BAN_INTERVAL } = process.env ?? {};
+const interval = math(BAN_INTERVAL, 20);
+
+/**
+ * Bans a user based on violation criteria.
+ *
+ * If the user's violation count is a multiple of the BAN_INTERVAL, the user will be banned.
+ * The duration of the ban is determined by the BAN_DURATION environment variable.
+ * If BAN_DURATION is not set or invalid, the user will not be banned.
+ * Sessions will be deleted and the refreshToken cookie will be cleared even with
+ * an invalid or nill duration, which is a "soft" ban; the user can remain active until
+ * access token expiry.
+ *
+ * @async
+ * @param {Object} req - Express request object containing user information.
+ * @param {Object} res - Express response object.
+ * @param {Object} errorMessage - Object containing user violation details.
+ * @param {string} errorMessage.type - Type of the violation.
+ * @param {string} errorMessage.user_id - ID of the user who committed the violation.
+ * @param {number} errorMessage.violation_count - Number of violations committed by the user.
+ *
+ * @returns {Promise<void>}
+ *
+ */
+const banViolation = async (req, res, errorMessage) => {
+  if (!isEnabled(BAN_VIOLATIONS)) {
+    return;
+  }
+
+  if (!errorMessage) {
+    return;
+  }
+
+  const { type, user_id, prev_count, violation_count } = errorMessage;
+
+  const prevThreshold = Math.floor(prev_count / interval);
+  const currentThreshold = Math.floor(violation_count / interval);
+
+  if (prevThreshold >= currentThreshold) {
+    return;
+  }
+
+  await Session.deleteAllUserSessions(user_id);
+  res.clearCookie('refreshToken');
+
+  const banLogs = getLogStores('ban');
+  const duration = banLogs.opts.ttl;
+
+  if (duration <= 0) {
+    return;
+  }
+
+  req.ip = removePorts(req);
+  console.log(`[BAN] Banning user ${user_id} @ ${req.ip} for ${duration / 1000 / 60} minutes`);
+  const expiresAt = Date.now() + duration;
+  await banLogs.set(user_id, { type, violation_count, duration, expiresAt });
+  await banLogs.set(req.ip, { type, user_id, violation_count, duration, expiresAt });
+
+  errorMessage.ban = true;
+  errorMessage.ban_duration = duration;
+
+  return;
+};
+
+module.exports = banViolation;

api/cache/banViolation.spec.js

@@ -0,0 +1,155 @@
+const banViolation = require('./banViolation');
+
+jest.mock('keyv');
+jest.mock('../models/Session');
+// Mocking the getLogStores function
+jest.mock('./getLogStores', () => {
+  return jest.fn().mockImplementation(() => {
+    const EventEmitter = require('events');
+    const math = require('../server/utils/math');
+    const mockGet = jest.fn();
+    const mockSet = jest.fn();
+    class KeyvMongo extends EventEmitter {
+      constructor(url = 'mongodb://127.0.0.1:27017', options) {
+        super();
+        this.ttlSupport = false;
+        url = url ?? {};
+        if (typeof url === 'string') {
+          url = { url };
+        }
+        if (url.uri) {
+          url = { url: url.uri, ...url };
+        }
+        this.opts = {
+          url,
+          collection: 'keyv',
+          ...url,
+          ...options,
+        };
+      }
+
+      get = mockGet;
+      set = mockSet;
+    }
+
+    return new KeyvMongo('', {
+      namespace: 'bans',
+      ttl: math(process.env.BAN_DURATION, 7200000),
+    });
+  });
+});
+
+describe('banViolation', () => {
+  let req, res, errorMessage;
+
+  beforeEach(() => {
+    req = {
+      ip: '127.0.0.1',
+      cookies: {
+        refreshToken: 'someToken',
+      },
+    };
+    res = {
+      clearCookie: jest.fn(),
+    };
+    errorMessage = {
+      type: 'someViolation',
+      user_id: '12345',
+      prev_count: 0,
+      violation_count: 0,
+    };
+    process.env.BAN_VIOLATIONS = 'true';
+    process.env.BAN_DURATION = '7200000'; // 2 hours in ms
+    process.env.BAN_INTERVAL = '20';
+  });
+
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should not ban if BAN_VIOLATIONS are not enabled', async () => {
+    process.env.BAN_VIOLATIONS = 'false';
+    await banViolation(req, res, errorMessage);
+    expect(errorMessage.ban).toBeFalsy();
+  });
+
+  it('should not ban if errorMessage is not provided', async () => {
+    await banViolation(req, res, null);
+    expect(errorMessage.ban).toBeFalsy();
+  });
+
+  it('[1/3] should ban if violation_count crosses the interval threshold: 19 -> 39', async () => {
+    errorMessage.prev_count = 19;
+    errorMessage.violation_count = 39;
+    await banViolation(req, res, errorMessage);
+    expect(errorMessage.ban).toBeTruthy();
+  });
+
+  it('[2/3] should ban if violation_count crosses the interval threshold: 19 -> 20', async () => {
+    errorMessage.prev_count = 19;
+    errorMessage.violation_count = 20;
+    await banViolation(req, res, errorMessage);
+    expect(errorMessage.ban).toBeTruthy();
+  });
+
+  const randomValueAbove = Math.floor(20 + Math.random() * 100);
+  it(`[3/3] should ban if violation_count crosses the interval threshold: 19 -> ${randomValueAbove}`, async () => {
+    errorMessage.prev_count = 19;
+    errorMessage.violation_count = randomValueAbove;
+    await banViolation(req, res, errorMessage);
+    expect(errorMessage.ban).toBeTruthy();
+  });
+
+  it('should handle invalid BAN_INTERVAL and default to 20', async () => {
+    process.env.BAN_INTERVAL = 'invalid';
+    errorMessage.prev_count = 19;
+    errorMessage.violation_count = 39;
+    await banViolation(req, res, errorMessage);
+    expect(errorMessage.ban).toBeTruthy();
+  });
+
+  it('should ban if BAN_DURATION is invalid as default is 2 hours', async () => {
+    process.env.BAN_DURATION = 'invalid';
+    errorMessage.prev_count = 19;
+    errorMessage.violation_count = 39;
+    await banViolation(req, res, errorMessage);
+    expect(errorMessage.ban).toBeTruthy();
+  });
+
+  it('should not ban if BAN_DURATION is 0 but should clear cookies', async () => {
+    process.env.BAN_DURATION = '0';
+    errorMessage.prev_count = 19;
+    errorMessage.violation_count = 39;
+    await banViolation(req, res, errorMessage);
+    expect(res.clearCookie).toHaveBeenCalledWith('refreshToken');
+  });
+
+  it('should not ban if violation_count does not change', async () => {
+    errorMessage.prev_count = 0;
+    errorMessage.violation_count = 0;
+    await banViolation(req, res, errorMessage);
+    expect(errorMessage.ban).toBeFalsy();
+  });
+
+  it('[1/2] should not ban if violation_count does not cross the interval threshold: 0 -> 19', async () => {
+    errorMessage.prev_count = 0;
+    errorMessage.violation_count = 19;
+    await banViolation(req, res, errorMessage);
+    expect(errorMessage.ban).toBeFalsy();
+  });
+
+  const randomValueUnder = Math.floor(1 + Math.random() * 19);
+  it(`[2/2] should not ban if violation_count does not cross the interval threshold: 0 -> ${randomValueUnder}`, async () => {
+    errorMessage.prev_count = 0;
+    errorMessage.violation_count = randomValueUnder;
+    await banViolation(req, res, errorMessage);
+    expect(errorMessage.ban).toBeFalsy();
+  });
+
+  it('[EDGE CASE] should not ban if violation_count is lower', async () => {
+    errorMessage.prev_count = 0;
+    errorMessage.violation_count = -10;
+    await banViolation(req, res, errorMessage);
+    expect(errorMessage.ban).toBeFalsy();
+  });
+});

api/cache/clearPendingReq.js

@@ -0,0 +1,29 @@
+const Keyv = require('keyv');
+const { pendingReqFile } = require('./keyvFiles');
+const { LIMIT_CONCURRENT_MESSAGES } = process.env ?? {};
+
+const keyv = new Keyv({ store: pendingReqFile, namespace: 'pendingRequests' });
+
+/**
+ * Clear pending requests from the cache.
+ * Checks the environmental variable LIMIT_CONCURRENT_MESSAGES;
+ * if the rule is enabled ('true'), pending requests in the cache are cleared.
+ *
+ * @module clearPendingReq
+ * @requires keyv
+ * @requires keyvFiles
+ * @requires process
+ *
+ * @async
+ * @function
+ * @returns {Promise<void>} A promise that either clears 'pendingRequests' from store or resolves with no value.
+ */
+const clearPendingReq = async () => {
+  if (LIMIT_CONCURRENT_MESSAGES?.toLowerCase() !== 'true') {
+    return;
+  }
+
+  await keyv.clear();
+};
+
+module.exports = clearPendingReq;

api/cache/getLogStores.js

@@ -0,0 +1,40 @@
+const Keyv = require('keyv');
+const keyvMongo = require('./keyvMongo');
+const { math } = require('../server/utils');
+const { logFile, violationFile } = require('./keyvFiles');
+const { BAN_DURATION } = process.env ?? {};
+
+const duration = math(BAN_DURATION, 7200000);
+
+const namespaces = {
+  ban: new Keyv({ store: keyvMongo, ttl: duration, namespace: 'bans' }),
+  general: new Keyv({ store: logFile, namespace: 'violations' }),
+  concurrent: new Keyv({ store: violationFile, namespace: 'concurrent' }),
+  non_browser: new Keyv({ store: violationFile, namespace: 'non_browser' }),
+  message_limit: new Keyv({ store: violationFile, namespace: 'message_limit' }),
+  registrations: new Keyv({ store: violationFile, namespace: 'registrations' }),
+  logins: new Keyv({ store: violationFile, namespace: 'logins' }),
+};
+
+/**
+ * Returns either the logs of violations specified by type if a type is provided
+ * or it returns the general log if no type is specified. If an invalid type is passed,
+ * an error will be thrown.
+ *
+ * @module getLogStores
+ * @requires keyv - a simple key-value storage that allows you to easily switch out storage adapters.
+ * @requires keyvFiles - a module that includes the logFile and violationFile.
+ *
+ * @param {string} type - The type of violation, which can be 'concurrent', 'message_limit', 'registrations' or 'logins'.
+ * @returns {Keyv} - If a valid type is passed, returns an object containing the logs for violations of the specified type.
+ * @throws Will throw an error if an invalid violation type is passed.
+ */
+const getLogStores = (type) => {
+  if (!type) {
+    throw new Error(`Invalid store type: ${type}`);
+  }
+  const logs = namespaces[type];
+  return logs;
+};
+
+module.exports = getLogStores;

api/cache/index.js

@@ -0,0 +1,6 @@
+const keyvFiles = require('./keyvFiles');
+const getLogStores = require('./getLogStores');
+const logViolation = require('./logViolation');
+const clearPendingReq = require('./clearPendingReq');
+
+module.exports = { ...keyvFiles, getLogStores, logViolation, clearPendingReq };

api/cache/keyvFiles.js

@@ -0,0 +1,11 @@
+const { KeyvFile } = require('keyv-file');
+
+const logFile = new KeyvFile({ filename: './data/logs.json' });
+const pendingReqFile = new KeyvFile({ filename: './data/pendingReqCache.json' });
+const violationFile = new KeyvFile({ filename: './data/violations.json' });
+
+module.exports = {
+  logFile,
+  pendingReqFile,
+  violationFile,
+};

api/cache/keyvMongo.js

@@ -0,0 +1,7 @@
+const KeyvMongo = require('@keyv/mongo');
+const { MONGO_URI } = process.env ?? {};
+
+const keyvMongo = new KeyvMongo(MONGO_URI, { collection: 'logs' });
+keyvMongo.on('error', (err) => console.error('KeyvMongo connection error:', err));
+
+module.exports = keyvMongo;

api/cache/logViolation.js

@@ -0,0 +1,36 @@
+const getLogStores = require('./getLogStores');
+const banViolation = require('./banViolation');
+
+/**
+ * Logs the violation.
+ *
+ * @param {Object} req - Express request object containing user information.
+ * @param {Object} res - Express response object.
+ * @param {string} type - The type of violation.
+ * @param {Object} errorMessage - The error message to log.
+ * @param {number} [score=1] - The severity of the violation. Defaults to 1
+ */
+const logViolation = async (req, res, type, errorMessage, score = 1) => {
+  const userId = req.user?.id ?? req.user?._id;
+  if (!userId) {
+    return;
+  }
+  const logs = getLogStores('general');
+  const violationLogs = getLogStores(type);
+
+  const userViolations = (await violationLogs.get(userId)) ?? 0;
+  const violationCount = userViolations + score;
+  await violationLogs.set(userId, violationCount);
+
+  errorMessage.user_id = userId;
+  errorMessage.prev_count = userViolations;
+  errorMessage.violation_count = violationCount;
+  errorMessage.date = new Date().toISOString();
+
+  await banViolation(req, res, errorMessage);
+  const userLogs = (await logs.get(userId)) ?? [];
+  userLogs.push(errorMessage);
+  await logs.set(userId, userLogs);
+};
+
+module.exports = logViolation;