use the correct remote address

we're doing the same thing that Fastify does in the non-streaming
ServerService
This commit is contained in:
dakkar 2024-08-16 18:00:50 +01:00
parent 311a31da58
commit 4cd44130e0
3 changed files with 15 additions and 3 deletions

View file

@ -156,6 +156,7 @@
"pkce-challenge": "4.1.0", "pkce-challenge": "4.1.0",
"probe-image-size": "7.2.3", "probe-image-size": "7.2.3",
"promise-limit": "2.7.0", "promise-limit": "2.7.0",
"proxy-addr": "^2.0.7",
"pug": "3.0.2", "pug": "3.0.2",
"punycode": "2.3.1", "punycode": "2.3.1",
"qrcode": "1.5.3", "qrcode": "1.5.3",

View file

@ -22,6 +22,7 @@ import { ChannelsService } from './stream/ChannelsService.js';
import { RateLimiterService } from './RateLimiterService.js'; import { RateLimiterService } from './RateLimiterService.js';
import { RoleService } from '@/core/RoleService.js'; import { RoleService } from '@/core/RoleService.js';
import { getIpHash } from '@/misc/get-ip-hash.js'; import { getIpHash } from '@/misc/get-ip-hash.js';
import proxyAddr from 'proxy-addr';
import ms from 'ms'; import ms from 'ms';
import type * as http from 'node:http'; import type * as http from 'node:http';
import type { IEndpointMeta } from './endpoints.js'; import type { IEndpointMeta } from './endpoints.js';
@ -69,7 +70,9 @@ export class StreamingApiServerService {
if (factor <= 0) return false; if (factor <= 0) return false;
// Rate limit // Rate limit
return await this.rateLimiterService.limit(limit, limitActor, factor).then(() => { return false }).catch(err => { return true }); return await this.rateLimiterService.limit(limit, limitActor, factor)
.then(() => { return false; })
.catch(err => { return true; });
} }
@bindThis @bindThis
@ -85,7 +88,12 @@ export class StreamingApiServerService {
return; return;
} }
if (await this.rateLimitThis(null, request.socket.remoteAddress, { // ServerServices sets `trustProxy: true`, which inside
// fastify/request.js ends up calling `proxyAddr` in this way,
// so we do the same
const requestIp = proxyAddr(request, () => { return true; } );
if (await this.rateLimitThis(null, requestIp, {
key: 'wsconnect', key: 'wsconnect',
duration: ms('1min'), duration: ms('1min'),
max: 20, max: 20,
@ -134,7 +142,7 @@ export class StreamingApiServerService {
} }
const rateLimiter = () => { const rateLimiter = () => {
return this.rateLimitThis(user, request.socket.remoteAddress, { return this.rateLimitThis(user, requestIp, {
key: 'wsmessage', key: 'wsmessage',
duration: ms('1sec'), duration: ms('1sec'),
max: 100, max: 100,

3
pnpm-lock.yaml generated
View file

@ -352,6 +352,9 @@ importers:
promise-limit: promise-limit:
specifier: 2.7.0 specifier: 2.7.0
version: 2.7.0 version: 2.7.0
proxy-addr:
specifier: ^2.0.7
version: 2.0.7
pug: pug:
specifier: 3.0.2 specifier: 3.0.2
version: 3.0.2 version: 3.0.2