pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-20 17:31:13 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
13c6e20f1188cd67394a53050eea6decdae6a0b0
thrilltrack-explorer/supabase/functions/_shared/rateLimiter.ts
gpt-engineer-app[bot] 6efb6dda66 Fix all compliance violations
2025-11-03 18:38:46 +00:00

219 lines
6.4 KiB
TypeScript
Raw Blame History

/**
* Shared Rate Limiting Middleware for Edge Functions
* Prevents abuse and DoS attacks with in-memory rate limiting
*/
export interface RateLimitConfig {
windowMs: number; // Time window in milliseconds
maxRequests: number; // Max requests per window
maxMapSize?: number; // Max IPs to track (default: 10000)
keyGenerator?: (req: Request) => string; // Custom key generator
trustProxy?: boolean; // Trust X-Forwarded-For header
}
export interface RateLimitResult {
allowed: boolean;
retryAfter?: number;
remaining?: number;
}
class RateLimiter {
private rateLimitMap = new Map<string, { count: number; resetAt: number }>();
private config: Required<RateLimitConfig>;
private cleanupInterval: number;
constructor(config: RateLimitConfig) {
this.config = {
maxMapSize: 10000,
keyGenerator: (req: Request) => this.getClientIP(req),
trustProxy: true,
...config
};
// Setup periodic cleanup
this.cleanupInterval = setInterval(
() => this.cleanupExpiredEntries(),
Math.min(this.config.windowMs / 2, 30000)
);
}
private getClientIP(req: Request): string {
if (this.config.trustProxy) {
const forwarded = req.headers.get('x-forwarded-for');
if (forwarded) return forwarded.split(',')[0].trim();
const realIP = req.headers.get('x-real-ip');
if (realIP) return realIP;
}
// Fallback for testing
return '0.0.0.0';
}
private cleanupExpiredEntries(): void {
try {
const now = Date.now();
let deletedCount = 0;
for (const [key, data] of this.rateLimitMap.entries()) {
if (now > data.resetAt) {
this.rateLimitMap.delete(key);
deletedCount++;
}
}
// Cleanup runs silently unless there are issues
} catch (error) {
// Emergency: Clear oldest 30% if cleanup fails
if (this.rateLimitMap.size > this.config.maxMapSize) {
const toClear = Math.floor(this.rateLimitMap.size * 0.3);
const keys = Array.from(this.rateLimitMap.keys()).slice(0, toClear);
keys.forEach(key => this.rateLimitMap.delete(key));
}
}
}
check(req: Request): RateLimitResult {
const key = this.config.keyGenerator(req);
const now = Date.now();
const existing = this.rateLimitMap.get(key);
// Check existing entry
if (existing && now <= existing.resetAt) {
if (existing.count >= this.config.maxRequests) {
const retryAfter = Math.ceil((existing.resetAt - now) / 1000);
return {
allowed: false,
retryAfter,
remaining: 0
};
}
existing.count++;
return {
allowed: true,
remaining: this.config.maxRequests - existing.count
};
}
// Handle capacity
if (!existing && this.rateLimitMap.size >= this.config.maxMapSize) {
this.cleanupExpiredEntries();
// LRU eviction if still at capacity
if (this.rateLimitMap.size >= this.config.maxMapSize) {
const toDelete = Math.floor(this.config.maxMapSize * 0.3);
const sortedEntries = Array.from(this.rateLimitMap.entries())
.sort((a, b) => a[1].resetAt - b[1].resetAt);
for (let i = 0; i < toDelete && i < sortedEntries.length; i++) {
this.rateLimitMap.delete(sortedEntries[i][0]);
}
}
}
// Create new entry
this.rateLimitMap.set(key, {
count: 1,
resetAt: now + this.config.windowMs
});
return {
allowed: true,
remaining: this.config.maxRequests - 1
};
}
destroy(): void {
clearInterval(this.cleanupInterval);
this.rateLimitMap.clear();
}
}
// Export factory function for different rate limit tiers
export function createRateLimiter(config: RateLimitConfig): RateLimiter {
return new RateLimiter(config);
}
// Pre-configured rate limiters for common use cases
export const rateLimiters = {
// Strict: For expensive operations (file uploads, data exports)
strict: createRateLimiter({
windowMs: 60000, // 1 minute
maxRequests: 5, // 5 requests per minute
}),
// Standard: For most API endpoints
standard: createRateLimiter({
windowMs: 60000, // 1 minute
maxRequests: 10, // 10 requests per minute
}),
// Lenient: For read-only, cached endpoints
lenient: createRateLimiter({
windowMs: 60000, // 1 minute
maxRequests: 30, // 30 requests per minute
}),
// Per-user: For authenticated endpoints (uses user ID as key)
perUser: (maxRequests: number = 20) => createRateLimiter({
windowMs: 60000,
maxRequests,
keyGenerator: (req: Request) => {
// Extract user ID from Authorization header JWT
const authHeader = req.headers.get('Authorization');
if (authHeader) {
try {
const token = authHeader.replace('Bearer ', '');
const payload = JSON.parse(atob(token.split('.')[1]));
return `user:${payload.sub}`;
} catch {
// Fall back to IP if JWT parsing fails
return req.headers.get('x-forwarded-for')?.split(',')[0] || '0.0.0.0';
}
}
return req.headers.get('x-forwarded-for')?.split(',')[0] || '0.0.0.0';
}
}),
};
// Middleware helper
export function withRateLimit(
handler: (req: Request) => Promise<Response>,
limiter: RateLimiter,
corsHeaders: Record<string, string> = {}
): (req: Request) => Promise<Response> {
return async (req: Request) => {
const result = limiter.check(req);
if (!result.allowed) {
return new Response(
JSON.stringify({
error: 'Rate limit exceeded',
message: 'Too many requests. Please try again later.',
retryAfter: result.retryAfter
}),
{
status: 429,
headers: {
...corsHeaders,
'Content-Type': 'application/json',
'Retry-After': String(result.retryAfter || 60),
'X-RateLimit-Limit': String(limiter['config'].maxRequests),
'X-RateLimit-Remaining': String(result.remaining || 0),
}
}
);
}
const response = await handler(req);
// Add rate limit headers to successful responses
if (result.remaining !== undefined) {
response.headers.set('X-RateLimit-Limit', String(limiter['config'].maxRequests));
response.headers.set('X-RateLimit-Remaining', String(result.remaining));
}
return response;
};
}
Reference in New Issue View Git Blame Copy Permalink