feat: Message Rate Limiters, Violation Logging, & Ban System 🔨 (#903)

* refactor: require Auth middleware in route index files * feat: concurrent message limiter * feat: complete concurrent message limiter with caching * refactor: SSE response methods separated from handleText * fix(abortMiddleware): fix req and res order to standard, use endpointOption in req.body * chore: minor name changes * refactor: add isUUID condition to saveMessage * fix(concurrentLimiter): logic correctly handles the max number of concurrent messages and res closing/finalization * chore: bump keyv and remove console.log from Message * fix(concurrentLimiter): ensure messages are only saved in later message children * refactor(concurrentLimiter): use KeyvFile instead, could make other stores configurable in the future * feat: add denyRequest function for error responses * feat(utils): add isStringTruthy function Introduce the isStringTruthy function to the utilities module to check if a string value is a case-insensitive match for 'true' * feat: add optional message rate limiters by IP and userId * feat: add optional message rate limiters by IP and userId to edit route * refactor: rename isStringTruthy to isTrue for brevity * refactor(getError): use map to make code cleaner * refactor: use memory for concurrent rate limiter to prevent clearing on startup/exit, add multiple log files, fix error message for concurrent violation * feat: check if errorMessage is object, stringify if so * chore: send object to denyRequest which will stringify it * feat: log excessive requests * fix(getError): correctly pluralize messages * refactor(limiters): make type consistent between logs and errorMessage * refactor(cache): move files out of lib/db into separate cache dir >> feat: add getLogStores function so Keyv instance is not redundantly created on every violation feat: separate violation logging to own function with logViolation * fix: cache/index.js export, properly record userViolations * refactor(messageLimiters): use new logging method, add logging to registrations * refactor(logViolation): make userLogs an array of logs per user * feat: add logging to login limiter * refactor: pass req as first param to logViolation and record offending IP * refactor: rename isTrue helper fn to isEnabled * feat: add simple non_browser check and log violation * fix: open handles in unit tests, remove KeyvMongo as not used and properly mock global fetch * chore: adjust nodemon ignore paths to properly ignore logs * feat: add math helper function for safe use of eval * refactor(api/convos): use middleware at top of file to avoid redundancy * feat: add delete all static method for Sessions * fix: redirect to login on refresh if user is not found, or the session is not found but hasn't expired (ban case) * refactor(getLogStores): adjust return type * feat: add ban violation and check ban logic refactor(logViolation): pass both req and res objects * feat: add removePorts helper function * refactor: rename getError to getMessageError and add getLoginError for displaying different login errors * fix(AuthContext): fix type issue and remove unused code * refactor(bans): ban by ip and user id, send response based on origin * chore: add frontend ban messages * refactor(routes/oauth): add ban check to handler, also consolidate logic to avoid redundancy * feat: add ban check to AI messaging routes * feat: add ban check to login/registration * fix(ci/api): mock KeyvMongo to avoid tests hanging * docs: update .env.example > refactor(banViolation): calculate interval rate crossover, early return if duration is invalid ci(banViolation): add tests to ensure users are only banned when expected * docs: improve wording for mod system * feat: add configurable env variables for violation scores * chore: add jsdoc for uaParser.js * chore: improve ban text log * chore: update bun test scripts * refactor(math.js): add fallback values * fix(KeyvMongo/banLogs): refactor keyv instances to top of files to avoid memory leaks, refactor ban logic to use getLogStores instead refactor(getLogStores): get a single log store by type * fix(ci): refactor tests due to banLogs changes, also make sure to clear and revoke sessions even if ban duration is 0 * fix(banViolation.js): getLogStores import * feat: handle 500 code error at login * fix(middleware): handle case where user.id is _id and not just id * ci: add ban secrets for backend unit tests * refactor: logout user upon ban * chore: log session delete message only if deletedCount > 0 * refactor: change default ban duration (2h) and make logic more clear in JSDOC * fix: login and registration limiters will now return rate limiting error * fix: userId not parsable as non ObjectId string * feat: add useTimeout hook to properly clear timeouts when invoking functions within them refactor(AuthContext): cleanup code by using new hook and defining types in ~/common * fix: login error message for rate limits * docs: add info for automated mod system and rate limiters, update other docs accordingly * chore: bump data-provider version
2025-09-22 06:00:56 +02:00 · 2023-09-13 10:57:07 -04:00 · 2023-09-13 10:57:07 -04:00 · 7b2cedf5ff
commit 7b2cedf5ff
parent db803cd640
69 changed files with 2180 additions and 1062 deletions
--- a/api/server/middleware/concurrentLimiter.js
+++ b/api/server/middleware/concurrentLimiter.js
@ -0,0 +1,81 @@
+const Keyv = require('keyv');
+const { logViolation } = require('../../cache');
+
+const denyRequest = require('./denyRequest');
+
+// Serve cache from memory so no need to clear it on startup/exit
+const pendingReqCache = new Keyv({ namespace: 'pendingRequests' });
+
+/**
+ * Middleware to limit concurrent requests for a user.
+ *
+ * This middleware checks if a user has exceeded a specified concurrent request limit.
+ * If the user exceeds the limit, an error is returned. If the user is within the limit,
+ * their request count is incremented. After the request is processed, the count is decremented.
+ * If the `pendingReqCache` store is not available, the middleware will skip its logic.
+ *
+ * @function
+ * @param {Object} req - Express request object containing user information.
+ * @param {Object} res - Express response object.
+ * @param {function} next - Express next middleware function.
+ * @throws {Error} Throws an error if the user exceeds the concurrent request limit.
+ */
+const concurrentLimiter = async (req, res, next) => {
+  if (!pendingReqCache) {
+    return next();
+  }
+
+  if (Object.keys(req?.body ?? {}).length === 1 && req?.body?.abortKey) {
+    return next();
+  }
+
+  const { CONCURRENT_MESSAGE_MAX = 1, CONCURRENT_VIOLATION_SCORE: score } = process.env;
+  const limit = Math.max(CONCURRENT_MESSAGE_MAX, 1);
+  const type = 'concurrent';
+
+  const userId = req.user?.id ?? req.user?._id ?? null;
+  const pendingRequests = (await pendingReqCache.get(userId)) ?? 0;
+
+  if (pendingRequests >= limit) {
+    const errorMessage = {
+      type,
+      limit,
+      pendingRequests,
+    };
+
+    await logViolation(req, res, type, errorMessage, score);
+    return await denyRequest(req, res, errorMessage);
+  } else {
+    await pendingReqCache.set(userId, pendingRequests + 1);
+  }
+
+  // Ensure the requests are removed from the store once the request is done
+  const cleanUp = async () => {
+    if (!pendingReqCache) {
+      return;
+    }
+
+    const currentRequests = await pendingReqCache.get(userId);
+
+    if (currentRequests && currentRequests >= 1) {
+      await pendingReqCache.set(userId, currentRequests - 1);
+    } else {
+      await pendingReqCache.delete(userId);
+    }
+  };
+
+  if (pendingRequests < limit) {
+    res.on('finish', cleanUp);
+    res.on('close', cleanUp);
+  }
+
+  next();
+};
+
+// if cache is not served from memory, clear it on exit
+// process.on('exit', async () => {
+//   console.log('Clearing all pending requests before exiting...');
+//   await pendingReqCache.clear();
+// });
+
+module.exports = concurrentLimiter;