🔉 feat: TTS/STT rate limiters (#2925)

* fix: remove double initialization of speech routes * refactor(useMessageHelpers): more consistent latestMessage updates based on unique textKey and early returns when setting * feat: TTS/STT rate limiters * chore: remove console log * fix: make modular chat true by default
2025-12-29 22:58:51 +01:00 · 2024-05-30 18:39:21 -04:00 · 2024-05-30 18:39:21 -04:00 · 8318f26d66
commit 8318f26d66
parent 08d6bea359
12 changed files with 265 additions and 35 deletions
--- a/api/server/middleware/speech/index.js
+++ b/api/server/middleware/speech/index.js
@ -0,0 +1,7 @@
+const createTTSLimiters = require('./ttsLimiters');
+const createSTTLimiters = require('./sttLimiters');
+
+module.exports = {
+  createTTSLimiters,
+  createSTTLimiters,
+};
--- a/api/server/middleware/speech/sttLimiters.js
+++ b/api/server/middleware/speech/sttLimiters.js
@ -0,0 +1,68 @@
+const rateLimit = require('express-rate-limit');
+const { ViolationTypes } = require('librechat-data-provider');
+const logViolation = require('~/cache/logViolation');
+
+const getEnvironmentVariables = () => {
+  const STT_IP_MAX = parseInt(process.env.STT_IP_MAX) || 100;
+  const STT_IP_WINDOW = parseInt(process.env.STT_IP_WINDOW) || 1;
+  const STT_USER_MAX = parseInt(process.env.STT_USER_MAX) || 50;
+  const STT_USER_WINDOW = parseInt(process.env.STT_USER_WINDOW) || 1;
+
+  const sttIpWindowMs = STT_IP_WINDOW * 60 * 1000;
+  const sttIpMax = STT_IP_MAX;
+  const sttIpWindowInMinutes = sttIpWindowMs / 60000;
+
+  const sttUserWindowMs = STT_USER_WINDOW * 60 * 1000;
+  const sttUserMax = STT_USER_MAX;
+  const sttUserWindowInMinutes = sttUserWindowMs / 60000;
+
+  return {
+    sttIpWindowMs,
+    sttIpMax,
+    sttIpWindowInMinutes,
+    sttUserWindowMs,
+    sttUserMax,
+    sttUserWindowInMinutes,
+  };
+};
+
+const createSTTHandler = (ip = true) => {
+  const { sttIpMax, sttIpWindowInMinutes, sttUserMax, sttUserWindowInMinutes } =
+    getEnvironmentVariables();
+
+  return async (req, res) => {
+    const type = ViolationTypes.STT_LIMIT;
+    const errorMessage = {
+      type,
+      max: ip ? sttIpMax : sttUserMax,
+      limiter: ip ? 'ip' : 'user',
+      windowInMinutes: ip ? sttIpWindowInMinutes : sttUserWindowInMinutes,
+    };
+
+    await logViolation(req, res, type, errorMessage);
+    res.status(429).json({ message: 'Too many STT requests. Try again later' });
+  };
+};
+
+const createSTTLimiters = () => {
+  const { sttIpWindowMs, sttIpMax, sttUserWindowMs, sttUserMax } = getEnvironmentVariables();
+
+  const sttIpLimiter = rateLimit({
+    windowMs: sttIpWindowMs,
+    max: sttIpMax,
+    handler: createSTTHandler(),
+  });
+
+  const sttUserLimiter = rateLimit({
+    windowMs: sttUserWindowMs,
+    max: sttUserMax,
+    handler: createSTTHandler(false),
+    keyGenerator: function (req) {
+      return req.user?.id; // Use the user ID or NULL if not available
+    },
+  });
+
+  return { sttIpLimiter, sttUserLimiter };
+};
+
+module.exports = createSTTLimiters;
--- a/api/server/middleware/speech/ttsLimiters.js
+++ b/api/server/middleware/speech/ttsLimiters.js
@ -0,0 +1,68 @@
+const rateLimit = require('express-rate-limit');
+const { ViolationTypes } = require('librechat-data-provider');
+const logViolation = require('~/cache/logViolation');
+
+const getEnvironmentVariables = () => {
+  const TTS_IP_MAX = parseInt(process.env.TTS_IP_MAX) || 100;
+  const TTS_IP_WINDOW = parseInt(process.env.TTS_IP_WINDOW) || 1;
+  const TTS_USER_MAX = parseInt(process.env.TTS_USER_MAX) || 50;
+  const TTS_USER_WINDOW = parseInt(process.env.TTS_USER_WINDOW) || 1;
+
+  const ttsIpWindowMs = TTS_IP_WINDOW * 60 * 1000;
+  const ttsIpMax = TTS_IP_MAX;
+  const ttsIpWindowInMinutes = ttsIpWindowMs / 60000;
+
+  const ttsUserWindowMs = TTS_USER_WINDOW * 60 * 1000;
+  const ttsUserMax = TTS_USER_MAX;
+  const ttsUserWindowInMinutes = ttsUserWindowMs / 60000;
+
+  return {
+    ttsIpWindowMs,
+    ttsIpMax,
+    ttsIpWindowInMinutes,
+    ttsUserWindowMs,
+    ttsUserMax,
+    ttsUserWindowInMinutes,
+  };
+};
+
+const createTTSHandler = (ip = true) => {
+  const { ttsIpMax, ttsIpWindowInMinutes, ttsUserMax, ttsUserWindowInMinutes } =
+    getEnvironmentVariables();
+
+  return async (req, res) => {
+    const type = ViolationTypes.TTS_LIMIT;
+    const errorMessage = {
+      type,
+      max: ip ? ttsIpMax : ttsUserMax,
+      limiter: ip ? 'ip' : 'user',
+      windowInMinutes: ip ? ttsIpWindowInMinutes : ttsUserWindowInMinutes,
+    };
+
+    await logViolation(req, res, type, errorMessage);
+    res.status(429).json({ message: 'Too many TTS requests. Try again later' });
+  };
+};
+
+const createTTSLimiters = () => {
+  const { ttsIpWindowMs, ttsIpMax, ttsUserWindowMs, ttsUserMax } = getEnvironmentVariables();
+
+  const ttsIpLimiter = rateLimit({
+    windowMs: ttsIpWindowMs,
+    max: ttsIpMax,
+    handler: createTTSHandler(),
+  });
+
+  const ttsUserLimiter = rateLimit({
+    windowMs: ttsUserWindowMs,
+    max: ttsUserMax,
+    handler: createTTSHandler(false),
+    keyGenerator: function (req) {
+      return req.user?.id; // Use the user ID or NULL if not available
+    },
+  });
+
+  return { ttsIpLimiter, ttsUserLimiter };
+};
+
+module.exports = createTTSLimiters;
--- a/api/server/routes/files/index.js
+++ b/api/server/routes/files/index.js
@ -1,5 +1,6 @@
 const express = require('express');
 const { uaParser, checkBan, requireJwtAuth, createFileLimiters } = require('~/server/middleware');
+const { createTTSLimiters, createSTTLimiters } = require('~/server/middleware/speech');
 const { createMulterInstance } = require('./multer');

 const files = require('./files');
@ -15,8 +16,10 @@ const initialize = async () => {
  router.use(uaParser);

  /* Important: stt/tts routes must be added before the upload limiters */
-  router.use('/stt', stt);
-  router.use('/tts', tts);
+  const { sttIpLimiter, sttUserLimiter } = createSTTLimiters();
+  const { ttsIpLimiter, ttsUserLimiter } = createTTSLimiters();
+  router.use('/stt', sttIpLimiter, sttUserLimiter, stt);
+  router.use('/tts', ttsIpLimiter, ttsUserLimiter, tts);

  const upload = await createMulterInstance();
  const { fileUploadIpLimiter, fileUploadUserLimiter } = createFileLimiters();
@ -24,9 +27,6 @@ const initialize = async () => {
  router.post('/', upload.single('file'));
  router.post('/images', upload.single('file'));

-  router.use('/stt', stt);
-  router.use('/tts', tts);
-
  router.use('/', files);
  router.use('/images', images);
  router.use('/images/avatar', avatar);
--- a/api/server/services/Config/handleRateLimits.js
+++ b/api/server/services/Config/handleRateLimits.js
@ -1,3 +1,5 @@
+const { RateLimitPrefix } = require('librechat-data-provider');
+
 /**
 *
 * @param {TCustomConfig['rateLimits'] | undefined} rateLimits
@ -6,24 +8,41 @@ const handleRateLimits = (rateLimits) => {
  if (!rateLimits) {
    return;
  }
-  const { fileUploads, conversationsImport } = rateLimits;
-  if (fileUploads) {
-    process.env.FILE_UPLOAD_IP_MAX = fileUploads.ipMax ?? process.env.FILE_UPLOAD_IP_MAX;
-    process.env.FILE_UPLOAD_IP_WINDOW =
-      fileUploads.ipWindowInMinutes ?? process.env.FILE_UPLOAD_IP_WINDOW;
-    process.env.FILE_UPLOAD_USER_MAX = fileUploads.userMax ?? process.env.FILE_UPLOAD_USER_MAX;
-    process.env.FILE_UPLOAD_USER_WINDOW =
-      fileUploads.userWindowInMinutes ?? process.env.FILE_UPLOAD_USER_WINDOW;
-  }

-  if (conversationsImport) {
-    process.env.IMPORT_IP_MAX = conversationsImport.ipMax ?? process.env.IMPORT_IP_MAX;
-    process.env.IMPORT_IP_WINDOW =
-      conversationsImport.ipWindowInMinutes ?? process.env.IMPORT_IP_WINDOW;
-    process.env.IMPORT_USER_MAX = conversationsImport.userMax ?? process.env.IMPORT_USER_MAX;
-    process.env.IMPORT_USER_WINDOW =
-      conversationsImport.userWindowInMinutes ?? process.env.IMPORT_USER_WINDOW;
-  }
+  const rateLimitKeys = {
+    fileUploads: RateLimitPrefix.FILE_UPLOAD,
+    conversationsImport: RateLimitPrefix.IMPORT,
+    tts: RateLimitPrefix.TTS,
+    stt: RateLimitPrefix.STT,
+  };
+
+  Object.entries(rateLimitKeys).forEach(([key, prefix]) => {
+    const rateLimit = rateLimits[key];
+    if (rateLimit) {
+      setRateLimitEnvVars(prefix, rateLimit);
+    }
+  });
+};
+
+/**
+ * Set environment variables for rate limit configurations
+ *
+ * @param {string} prefix - Prefix for environment variable names
+ * @param {object} rateLimit - Rate limit configuration object
+ */
+const setRateLimitEnvVars = (prefix, rateLimit) => {
+  const envVarsMapping = {
+    ipMax: `${prefix}_IP_MAX`,
+    ipWindowInMinutes: `${prefix}_IP_WINDOW`,
+    userMax: `${prefix}_USER_MAX`,
+    userWindowInMinutes: `${prefix}_USER_WINDOW`,
+  };
+
+  Object.entries(envVarsMapping).forEach(([key, envVar]) => {
+    if (rateLimit[key] !== undefined) {
+      process.env[envVar] = rateLimit[key];
+    }
+  });
 };

 module.exports = handleRateLimits;