mirror of
https://github.com/pacnpal/thrilltrack-explorer.git
synced 2025-12-20 08:31:12 -05:00
61285b0261
Introduces rate limiting to the `detect-location` function and refactors error responses in `upload-image` to provide consistent, descriptive messages. Replit-Commit-Author: Agent Replit-Commit-Session-Id: b3d7d4df-59a9-4a9c-971d-175b92dadbfa Replit-Commit-Checkpoint-Type: intermediate_checkpoint Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/7cdf4e95-3f41-4180-b8e3-8ef56d032c0e/b3d7d4df-59a9-4a9c-971d-175b92dadbfa/1VcvPNb
159 lines
4.8 KiB
TypeScript
159 lines
4.8 KiB
TypeScript
import { serve } from "https://deno.land/std@0.168.0/http/server.ts";
|
|
|
|
const corsHeaders = {
|
|
'Access-Control-Allow-Origin': '*',
|
|
'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
|
|
};
|
|
|
|
interface IPLocationResponse {
|
|
country: string;
|
|
countryCode: string;
|
|
measurementSystem: 'metric' | 'imperial';
|
|
}
|
|
|
|
// Simple in-memory rate limiter
|
|
const rateLimitMap = new Map<string, { count: number; resetAt: number }>();
|
|
const RATE_LIMIT_WINDOW = 60000; // 1 minute in milliseconds
|
|
const MAX_REQUESTS = 10; // 10 requests per minute per IP
|
|
|
|
function checkRateLimit(ip: string): { allowed: boolean; retryAfter?: number } {
|
|
const now = Date.now();
|
|
const existing = rateLimitMap.get(ip);
|
|
|
|
if (!existing || now > existing.resetAt) {
|
|
// Create new entry or reset expired entry
|
|
rateLimitMap.set(ip, { count: 1, resetAt: now + RATE_LIMIT_WINDOW });
|
|
return { allowed: true };
|
|
}
|
|
|
|
if (existing.count >= MAX_REQUESTS) {
|
|
const retryAfter = Math.ceil((existing.resetAt - now) / 1000);
|
|
return { allowed: false, retryAfter };
|
|
}
|
|
|
|
existing.count++;
|
|
return { allowed: true };
|
|
}
|
|
|
|
// Clean up old entries periodically to prevent memory leak
|
|
setInterval(() => {
|
|
const now = Date.now();
|
|
for (const [ip, data] of rateLimitMap.entries()) {
|
|
if (now > data.resetAt) {
|
|
rateLimitMap.delete(ip);
|
|
}
|
|
}
|
|
}, RATE_LIMIT_WINDOW);
|
|
|
|
serve(async (req) => {
|
|
// Handle CORS preflight requests
|
|
if (req.method === 'OPTIONS') {
|
|
return new Response(null, { headers: corsHeaders });
|
|
}
|
|
|
|
try {
|
|
// Get the client's IP address
|
|
const forwarded = req.headers.get('x-forwarded-for');
|
|
const realIP = req.headers.get('x-real-ip');
|
|
const clientIP = forwarded?.split(',')[0] || realIP || '8.8.8.8'; // fallback to Google DNS for testing
|
|
|
|
// Check rate limit
|
|
const rateLimit = checkRateLimit(clientIP);
|
|
if (!rateLimit.allowed) {
|
|
return new Response(
|
|
JSON.stringify({
|
|
error: 'Rate limit exceeded',
|
|
message: 'Too many requests. Please try again later.',
|
|
retryAfter: rateLimit.retryAfter
|
|
}),
|
|
{
|
|
status: 429,
|
|
headers: {
|
|
...corsHeaders,
|
|
'Content-Type': 'application/json',
|
|
'Retry-After': String(rateLimit.retryAfter || 60)
|
|
}
|
|
}
|
|
);
|
|
}
|
|
|
|
console.log('Detecting location for IP:', clientIP);
|
|
|
|
// Use configurable geolocation service with proper error handling
|
|
// Defaults to ip-api.com if not configured
|
|
const geoApiUrl = Deno.env.get('GEOLOCATION_API_URL') || 'http://ip-api.com/json';
|
|
const geoApiFields = Deno.env.get('GEOLOCATION_API_FIELDS') || 'status,country,countryCode';
|
|
|
|
let geoResponse;
|
|
try {
|
|
geoResponse = await fetch(`${geoApiUrl}/${clientIP}?fields=${geoApiFields}`);
|
|
} catch (fetchError) {
|
|
console.error('Network error fetching location data:', fetchError);
|
|
throw new Error('Network error: Unable to reach geolocation service');
|
|
}
|
|
|
|
if (!geoResponse.ok) {
|
|
throw new Error(`Geolocation service returned ${geoResponse.status}: ${geoResponse.statusText}`);
|
|
}
|
|
|
|
let geoData;
|
|
try {
|
|
geoData = await geoResponse.json();
|
|
} catch (parseError) {
|
|
console.error('Failed to parse geolocation response:', parseError);
|
|
throw new Error('Invalid response format from geolocation service');
|
|
}
|
|
|
|
if (geoData.status !== 'success') {
|
|
throw new Error(`Geolocation failed: ${geoData.message || 'Invalid location data'}`);
|
|
}
|
|
|
|
// Countries that primarily use imperial system
|
|
const imperialCountries = ['US', 'LR', 'MM']; // USA, Liberia, Myanmar
|
|
const measurementSystem = imperialCountries.includes(geoData.countryCode) ? 'imperial' : 'metric';
|
|
|
|
const result: IPLocationResponse = {
|
|
country: geoData.country,
|
|
countryCode: geoData.countryCode,
|
|
measurementSystem
|
|
};
|
|
|
|
console.log('Location detected:', result);
|
|
|
|
return new Response(
|
|
JSON.stringify(result),
|
|
{
|
|
headers: {
|
|
...corsHeaders,
|
|
'Content-Type': 'application/json'
|
|
}
|
|
}
|
|
);
|
|
|
|
} catch (error) {
|
|
console.error('Error detecting location:', error);
|
|
|
|
// Return default (metric) with 500 status to indicate error occurred
|
|
// This allows proper error monitoring while still providing fallback data
|
|
const defaultResult: IPLocationResponse = {
|
|
country: 'Unknown',
|
|
countryCode: 'XX',
|
|
measurementSystem: 'metric'
|
|
};
|
|
|
|
return new Response(
|
|
JSON.stringify({
|
|
...defaultResult,
|
|
error: error instanceof Error ? error.message : 'Failed to detect location',
|
|
fallback: true
|
|
}),
|
|
{
|
|
headers: {
|
|
...corsHeaders,
|
|
'Content-Type': 'application/json'
|
|
},
|
|
status: 500
|
|
}
|
|
);
|
|
}
|
|
}); |