feat: Message Rate Limiters, Violation Logging, & Ban System 🔨 (#903)

* refactor: require Auth middleware in route index files

* feat: concurrent message limiter

* feat: complete concurrent message limiter with caching

* refactor: SSE response methods separated from handleText

* fix(abortMiddleware): fix req and res order to standard, use endpointOption in req.body

* chore: minor name changes

* refactor: add isUUID condition to saveMessage

* fix(concurrentLimiter): logic correctly handles the max number of concurrent messages and res closing/finalization

* chore: bump keyv and remove console.log from Message

* fix(concurrentLimiter): ensure messages are only saved in later message children

* refactor(concurrentLimiter): use KeyvFile instead, could make other stores configurable in the future

* feat: add denyRequest function for error responses

* feat(utils): add isStringTruthy function

Introduce the isStringTruthy function to the utilities module to check if a string value is a case-insensitive match for 'true'

* feat: add optional message rate limiters by IP and userId

* feat: add optional message rate limiters by IP and userId to edit route

* refactor: rename isStringTruthy to isTrue for brevity

* refactor(getError): use map to make code cleaner

* refactor: use memory for concurrent rate limiter to prevent clearing on startup/exit, add multiple log files, fix error message for concurrent violation

* feat: check if errorMessage is object, stringify if so

* chore: send object to denyRequest which will stringify it

* feat: log excessive requests

* fix(getError): correctly pluralize messages

* refactor(limiters): make type consistent between logs and errorMessage

* refactor(cache): move files out of lib/db into separate cache dir
>> feat: add getLogStores function so Keyv instance is not redundantly created on every violation
feat: separate violation logging to own function with logViolation

* fix: cache/index.js export, properly record userViolations

* refactor(messageLimiters): use new logging method, add logging to registrations

* refactor(logViolation): make userLogs an array of logs per user

* feat: add logging to login limiter

* refactor: pass req as first param to logViolation and record offending IP

* refactor: rename isTrue helper fn to isEnabled

* feat: add simple non_browser check and log violation

* fix: open handles in unit tests, remove KeyvMongo as not used and properly mock global fetch

* chore: adjust nodemon ignore paths to properly ignore logs

* feat: add math helper function for safe use of eval

* refactor(api/convos): use middleware at top of file to avoid redundancy

* feat: add delete all static method for Sessions

* fix: redirect to login on refresh if user is not found, or the session is not found but hasn't expired (ban case)

* refactor(getLogStores): adjust return type

* feat: add ban violation and check ban logic
refactor(logViolation): pass both req and res objects

* feat: add removePorts helper function

* refactor: rename getError to getMessageError and add getLoginError for displaying different login errors

* fix(AuthContext): fix type issue and remove unused code

* refactor(bans): ban by ip and user id, send response based on origin

* chore: add frontend ban messages

* refactor(routes/oauth): add ban check to handler, also consolidate logic to avoid redundancy

* feat: add ban check to AI messaging routes

* feat: add ban check to login/registration

* fix(ci/api): mock KeyvMongo to avoid tests hanging

* docs: update .env.example
> refactor(banViolation): calculate interval rate crossover, early return if duration is invalid
ci(banViolation): add tests to ensure users are only banned when expected

* docs: improve wording for mod system

* feat: add configurable env variables for violation scores

* chore: add jsdoc for uaParser.js

* chore: improve ban text log

* chore: update bun test scripts

* refactor(math.js): add fallback values

* fix(KeyvMongo/banLogs): refactor keyv instances to top of files to avoid memory leaks, refactor ban logic to use getLogStores instead
refactor(getLogStores): get a single log store by type

* fix(ci): refactor tests due to banLogs changes, also make sure to clear and revoke sessions even if ban duration is 0

* fix(banViolation.js): getLogStores import

* feat: handle 500 code error at login

* fix(middleware): handle case where user.id is _id and not just id

* ci: add ban secrets for backend unit tests

* refactor: logout user upon ban

* chore: log session delete message only if deletedCount > 0

* refactor: change default ban duration (2h) and make logic more clear in JSDOC

* fix: login and registration limiters will now return rate limiting error

* fix: userId not parsable as non ObjectId string

* feat: add useTimeout hook to properly clear timeouts when invoking functions within them
refactor(AuthContext): cleanup code by using new hook and defining types in ~/common

* fix: login error message for rate limits

* docs: add info for automated mod system and rate limiters, update other docs accordingly

* chore: bump data-provider version

api/server/middleware/abortMiddleware.js

@@ -1,6 +1,5 @@
-const crypto = require('crypto');
 const { saveMessage, getConvo, getConvoTitle } = require('../../models');
-const { sendMessage, handleError } = require('../utils');
+const { sendMessage, sendError } = require('../utils');
 const abortControllers = require('./abortControllers');
 
 async function abortMessage(req, res) {
@@ -27,8 +26,9 @@ const handleAbort = () => {
   };
 };
 
-const createAbortController = (res, req, endpointOption, getAbortData) => {
+const createAbortController = (req, res, getAbortData) => {
   const abortController = new AbortController();
+  const { endpointOption } = req.body;
   const onStart = (userMessage) => {
     sendMessage(res, { message: userMessage, created: true });
     const abortKey = userMessage?.conversationId ?? req.user.id;
@@ -73,25 +73,23 @@ const handleAbortError = async (res, req, error, data) => {
   const { sender, conversationId, messageId, parentMessageId, partialText } = data;
 
   const respondWithError = async () => {
-    const errorMessage = {
+    const options = {
       sender,
-      messageId: messageId ?? crypto.randomUUID(),
+      messageId,
       conversationId,
       parentMessageId,
-      unfinished: false,
-      cancelled: false,
-      error: true,
-      final: true,
       text: error.message,
-      isCreatedByUser: false,
+      shouldSaveMessage: true,
     };
-    if (abortControllers.has(conversationId)) {
-      const { abortController } = abortControllers.get(conversationId);
-      abortController.abort();
-      abortControllers.delete(conversationId);
-    }
-    await saveMessage(errorMessage);
-    handleError(res, errorMessage);
+    const callback = async () => {
+      if (abortControllers.has(conversationId)) {
+        const { abortController } = abortControllers.get(conversationId);
+        abortController.abort();
+        abortControllers.delete(conversationId);
+      }
+    };
+
+    await sendError(res, options, callback);
   };
 
   if (partialText && partialText.length > 5) {

api/server/middleware/checkBan.js

@@ -0,0 +1,92 @@
+const Keyv = require('keyv');
+const uap = require('ua-parser-js');
+const { getLogStores } = require('../../cache');
+const denyRequest = require('./denyRequest');
+const { isEnabled, removePorts } = require('../utils');
+
+const banCache = new Keyv({ namespace: 'bans', ttl: 0 });
+const message = 'Your account has been temporarily banned due to violations of our service.';
+
+/**
+ * Respond to the request if the user is banned.
+ *
+ * @async
+ * @function
+ * @param {Object} req - Express Request object.
+ * @param {Object} res - Express Response object.
+ * @param {String} errorMessage - Error message to be displayed in case of /api/ask or /api/edit request.
+ *
+ * @returns {Promise<Object>} - Returns a Promise which when resolved sends a response status of 403 with a specific message if request is not of api/ask or api/edit types. If it is, calls `denyRequest()` function.
+ */
+const banResponse = async (req, res) => {
+  const ua = uap(req.headers['user-agent']);
+  const { baseUrl } = req;
+  if (!ua.browser.name) {
+    return res.status(403).json({ message });
+  } else if (baseUrl === '/api/ask' || baseUrl === '/api/edit') {
+    return await denyRequest(req, res, { type: 'ban' });
+  }
+
+  return res.status(403).json({ message });
+};
+
+/**
+ * Checks if the source IP or user is banned or not.
+ *
+ * @async
+ * @function
+ * @param {Object} req - Express request object.
+ * @param {Object} res - Express response object.
+ * @param {Function} next - Next middleware function.
+ *
+ * @returns {Promise<function|Object>} - Returns a Promise which when resolved calls next middleware if user or source IP is not banned. Otherwise calls `banResponse()` and sets ban details in `banCache`.
+ */
+const checkBan = async (req, res, next = () => {}) => {
+  const { BAN_VIOLATIONS } = process.env ?? {};
+
+  if (!isEnabled(BAN_VIOLATIONS)) {
+    return next();
+  }
+
+  req.ip = removePorts(req);
+  const userId = req.user?.id ?? req.user?._id ?? null;
+
+  const cachedIPBan = await banCache.get(req.ip);
+  const cachedUserBan = await banCache.get(userId);
+  const cachedBan = cachedIPBan || cachedUserBan;
+
+  if (cachedBan) {
+    req.banned = true;
+    return await banResponse(req, res);
+  }
+
+  const banLogs = getLogStores('ban');
+  const duration = banLogs.opts.ttl;
+
+  if (duration <= 0) {
+    return next();
+  }
+
+  const ipBan = await banLogs.get(req.ip);
+  const userBan = await banLogs.get(userId);
+  const isBanned = ipBan || userBan;
+
+  if (!isBanned) {
+    return next();
+  }
+
+  const timeLeft = Number(isBanned.expiresAt) - Date.now();
+
+  if (timeLeft <= 0) {
+    await banLogs.delete(req.ip);
+    await banLogs.delete(userId);
+    return next();
+  }
+
+  banCache.set(req.ip, isBanned, timeLeft);
+  banCache.set(userId, isBanned, timeLeft);
+  req.banned = true;
+  return await banResponse(req, res);
+};
+
+module.exports = checkBan;

api/server/middleware/concurrentLimiter.js

@@ -0,0 +1,81 @@
+const Keyv = require('keyv');
+const { logViolation } = require('../../cache');
+
+const denyRequest = require('./denyRequest');
+
+// Serve cache from memory so no need to clear it on startup/exit
+const pendingReqCache = new Keyv({ namespace: 'pendingRequests' });
+
+/**
+ * Middleware to limit concurrent requests for a user.
+ *
+ * This middleware checks if a user has exceeded a specified concurrent request limit.
+ * If the user exceeds the limit, an error is returned. If the user is within the limit,
+ * their request count is incremented. After the request is processed, the count is decremented.
+ * If the `pendingReqCache` store is not available, the middleware will skip its logic.
+ *
+ * @function
+ * @param {Object} req - Express request object containing user information.
+ * @param {Object} res - Express response object.
+ * @param {function} next - Express next middleware function.
+ * @throws {Error} Throws an error if the user exceeds the concurrent request limit.
+ */
+const concurrentLimiter = async (req, res, next) => {
+  if (!pendingReqCache) {
+    return next();
+  }
+
+  if (Object.keys(req?.body ?? {}).length === 1 && req?.body?.abortKey) {
+    return next();
+  }
+
+  const { CONCURRENT_MESSAGE_MAX = 1, CONCURRENT_VIOLATION_SCORE: score } = process.env;
+  const limit = Math.max(CONCURRENT_MESSAGE_MAX, 1);
+  const type = 'concurrent';
+
+  const userId = req.user?.id ?? req.user?._id ?? null;
+  const pendingRequests = (await pendingReqCache.get(userId)) ?? 0;
+
+  if (pendingRequests >= limit) {
+    const errorMessage = {
+      type,
+      limit,
+      pendingRequests,
+    };
+
+    await logViolation(req, res, type, errorMessage, score);
+    return await denyRequest(req, res, errorMessage);
+  } else {
+    await pendingReqCache.set(userId, pendingRequests + 1);
+  }
+
+  // Ensure the requests are removed from the store once the request is done
+  const cleanUp = async () => {
+    if (!pendingReqCache) {
+      return;
+    }
+
+    const currentRequests = await pendingReqCache.get(userId);
+
+    if (currentRequests && currentRequests >= 1) {
+      await pendingReqCache.set(userId, currentRequests - 1);
+    } else {
+      await pendingReqCache.delete(userId);
+    }
+  };
+
+  if (pendingRequests < limit) {
+    res.on('finish', cleanUp);
+    res.on('close', cleanUp);
+  }
+
+  next();
+};
+
+// if cache is not served from memory, clear it on exit
+// process.on('exit', async () => {
+//   console.log('Clearing all pending requests before exiting...');
+//   await pendingReqCache.clear();
+// });
+
+module.exports = concurrentLimiter;

api/server/middleware/denyRequest.js

@@ -0,0 +1,58 @@
+const crypto = require('crypto');
+const { sendMessage, sendError } = require('../utils');
+const { getResponseSender } = require('../routes/endpoints/schemas');
+const { saveMessage } = require('../../models');
+
+/**
+ * Denies a request by sending an error message and optionally saves the user's message.
+ *
+ * @async
+ * @function
+ * @param {Object} req - Express request object.
+ * @param {Object} req.body - The body of the request.
+ * @param {string} [req.body.messageId] - The ID of the message.
+ * @param {string} [req.body.conversationId] - The ID of the conversation.
+ * @param {string} [req.body.parentMessageId] - The ID of the parent message.
+ * @param {string} req.body.text - The text of the message.
+ * @param {Object} res - Express response object.
+ * @param {string} errorMessage - The error message to be sent.
+ * @returns {Promise<Object>} A promise that resolves with the error response.
+ * @throws {Error} Throws an error if there's an issue saving the message or sending the error.
+ */
+const denyRequest = async (req, res, errorMessage) => {
+  let responseText = errorMessage;
+  if (typeof errorMessage === 'object') {
+    responseText = JSON.stringify(errorMessage);
+  }
+
+  const { messageId, conversationId: _convoId, parentMessageId, text } = req.body;
+  const conversationId = _convoId ?? crypto.randomUUID();
+
+  const userMessage = {
+    sender: 'User',
+    messageId: messageId ?? crypto.randomUUID(),
+    parentMessageId,
+    conversationId,
+    isCreatedByUser: true,
+    text,
+  };
+  sendMessage(res, { message: userMessage, created: true });
+
+  const shouldSaveMessage =
+    _convoId && parentMessageId && parentMessageId !== '00000000-0000-0000-0000-000000000000';
+
+  if (shouldSaveMessage) {
+    await saveMessage(userMessage);
+  }
+
+  return await sendError(res, {
+    sender: getResponseSender(req.body),
+    messageId: crypto.randomUUID(),
+    conversationId,
+    parentMessageId: userMessage.messageId,
+    text: responseText,
+    shouldSaveMessage,
+  });
+};
+
+module.exports = denyRequest;

api/server/middleware/index.js

@@ -1,22 +1,30 @@
 const abortMiddleware = require('./abortMiddleware');
+const checkBan = require('./checkBan');
+const uaParser = require('./uaParser');
 const setHeaders = require('./setHeaders');
 const loginLimiter = require('./loginLimiter');
 const requireJwtAuth = require('./requireJwtAuth');
 const registerLimiter = require('./registerLimiter');
+const messageLimiters = require('./messageLimiters');
 const requireLocalAuth = require('./requireLocalAuth');
 const validateEndpoint = require('./validateEndpoint');
+const concurrentLimiter = require('./concurrentLimiter');
 const validateMessageReq = require('./validateMessageReq');
 const buildEndpointOption = require('./buildEndpointOption');
 const validateRegistration = require('./validateRegistration');
 
 module.exports = {
   ...abortMiddleware,
+  ...messageLimiters,
+  checkBan,
+  uaParser,
   setHeaders,
   loginLimiter,
   requireJwtAuth,
   registerLimiter,
   requireLocalAuth,
   validateEndpoint,
+  concurrentLimiter,
   validateMessageReq,
   buildEndpointOption,
   validateRegistration,

api/server/middleware/loginLimiter.js

@@ -1,16 +1,30 @@
 const rateLimit = require('express-rate-limit');
-const windowMs = (process.env?.LOGIN_WINDOW ?? 5) * 60 * 1000; // default: 5 minutes
-const max = process.env?.LOGIN_MAX ?? 7; // default: limit each IP to 7 requests per windowMs
+const { logViolation } = require('../../cache');
+const { removePorts } = require('../utils');
+
+const { LOGIN_WINDOW = 5, LOGIN_MAX = 7, LOGIN_VIOLATION_SCORE: score } = process.env;
+const windowMs = LOGIN_WINDOW * 60 * 1000;
+const max = LOGIN_MAX;
 const windowInMinutes = windowMs / 60000;
+const message = `Too many login attempts, please try again after ${windowInMinutes} minutes.`;
+
+const handler = async (req, res) => {
+  const type = 'logins';
+  const errorMessage = {
+    type,
+    max,
+    windowInMinutes,
+  };
+
+  await logViolation(req, res, type, errorMessage, score);
+  return res.status(429).json({ message });
+};
 
 const loginLimiter = rateLimit({
   windowMs,
   max,
-  message: `Too many login attempts from this IP, please try again after ${windowInMinutes} minutes.`,
-  keyGenerator: function (req) {
-    // Strip out the port number from the IP address
-    return req.ip.replace(/:\d+[^:]*$/, '');
-  },
+  handler,
+  keyGenerator: removePorts,
 });
 
 module.exports = loginLimiter;

api/server/middleware/messageLimiters.js

@@ -0,0 +1,67 @@
+const rateLimit = require('express-rate-limit');
+const { logViolation } = require('../../cache');
+const denyRequest = require('./denyRequest');
+
+const {
+  MESSAGE_IP_MAX = 40,
+  MESSAGE_IP_WINDOW = 1,
+  MESSAGE_USER_MAX = 40,
+  MESSAGE_USER_WINDOW = 1,
+} = process.env;
+
+const ipWindowMs = MESSAGE_IP_WINDOW * 60 * 1000;
+const ipMax = MESSAGE_IP_MAX;
+const ipWindowInMinutes = ipWindowMs / 60000;
+
+const userWindowMs = MESSAGE_USER_WINDOW * 60 * 1000;
+const userMax = MESSAGE_USER_MAX;
+const userWindowInMinutes = userWindowMs / 60000;
+
+/**
+ * Creates either an IP/User message request rate limiter for excessive requests
+ * that properly logs and denies the violation.
+ *
+ * @param {boolean} [ip=true] - Whether to create an IP limiter or a user limiter.
+ * @returns {function} A rate limiter function.
+ *
+ */
+const createHandler = (ip = true) => {
+  return async (req, res) => {
+    const type = 'message_limit';
+    const errorMessage = {
+      type,
+      max: ip ? ipMax : userMax,
+      limiter: ip ? 'ip' : 'user',
+      windowInMinutes: ip ? ipWindowInMinutes : userWindowInMinutes,
+    };
+
+    await logViolation(req, res, type, errorMessage);
+    return await denyRequest(req, res, errorMessage);
+  };
+};
+
+/**
+ * Message request rate limiter by IP
+ */
+const messageIpLimiter = rateLimit({
+  windowMs: ipWindowMs,
+  max: ipMax,
+  handler: createHandler(),
+});
+
+/**
+ * Message request rate limiter by userId
+ */
+const messageUserLimiter = rateLimit({
+  windowMs: userWindowMs,
+  max: userMax,
+  handler: createHandler(false),
+  keyGenerator: function (req) {
+    return req.user?.id; // Use the user ID or NULL if not available
+  },
+});
+
+module.exports = {
+  messageIpLimiter,
+  messageUserLimiter,
+};

api/server/middleware/registerLimiter.js

@@ -1,16 +1,30 @@
 const rateLimit = require('express-rate-limit');
-const windowMs = (process.env?.REGISTER_WINDOW ?? 60) * 60 * 1000; // default: 1 hour
-const max = process.env?.REGISTER_MAX ?? 5; // default: limit each IP to 5 registrations per windowMs
+const { logViolation } = require('../../cache');
+const { removePorts } = require('../utils');
+
+const { REGISTER_WINDOW = 60, REGISTER_MAX = 5, REGISTRATION_VIOLATION_SCORE: score } = process.env;
+const windowMs = REGISTER_WINDOW * 60 * 1000;
+const max = REGISTER_MAX;
 const windowInMinutes = windowMs / 60000;
+const message = `Too many accounts created, please try again after ${windowInMinutes} minutes`;
+
+const handler = async (req, res) => {
+  const type = 'registrations';
+  const errorMessage = {
+    type,
+    max,
+    windowInMinutes,
+  };
+
+  await logViolation(req, res, type, errorMessage, score);
+  return res.status(429).json({ message });
+};
 
 const registerLimiter = rateLimit({
   windowMs,
   max,
-  message: `Too many accounts created from this IP, please try again after ${windowInMinutes} minutes`,
-  keyGenerator: function (req) {
-    // Strip out the port number from the IP address
-    return req.ip.replace(/:\d+[^:]*$/, '');
-  },
+  handler,
+  keyGenerator: removePorts,
 });
 
 module.exports = registerLimiter;

api/server/middleware/uaParser.js

@@ -0,0 +1,31 @@
+const uap = require('ua-parser-js');
+const { handleError } = require('../utils');
+const { logViolation } = require('../../cache');
+
+/**
+ * Middleware to parse User-Agent header and check if it's from a recognized browser.
+ * If the User-Agent is not recognized as a browser, logs a violation and sends an error response.
+ *
+ * @function
+ * @async
+ * @param {Object} req - Express request object.
+ * @param {Object} res - Express response object.
+ * @param {Function} next - Express next middleware function.
+ * @returns {void} Sends an error response if the User-Agent is not recognized as a browser.
+ *
+ * @example
+ * app.use(uaParser);
+ */
+async function uaParser(req, res, next) {
+  const { NON_BROWSER_VIOLATION_SCORE: score = 20 } = process.env;
+  const ua = uap(req.headers['user-agent']);
+
+  if (!ua.browser.name) {
+    const type = 'non_browser';
+    await logViolation(req, res, type, { type }, score);
+    return handleError(res, { message: 'Illegal request' });
+  }
+  next();
+}
+
+module.exports = uaParser;