mirror of
https://github.com/pacnpal/thrilltrack-explorer.git
synced 2025-12-20 17:51:12 -05:00
4bdbdac7c3
Refactor validation logic for 'founded_year' in multiple form components, enhance image cleanup in `EntityMultiImageUploader`, update `useEntityVersions` to prevent race conditions, improve error handling for recent searches in `useSearch`, refine rate limiting logic in `detect-location` Supabase function, and update CORS configuration for `upload-image` Supabase function. Replit-Commit-Author: Agent Replit-Commit-Session-Id: b9af4867-23a7-43cc-baeb-4a97f66b4150 Replit-Commit-Checkpoint-Type: intermediate_checkpoint
192 lines
6.0 KiB
TypeScript
192 lines
6.0 KiB
TypeScript
import { serve } from "https://deno.land/std@0.168.0/http/server.ts";
|
|
|
|
const corsHeaders = {
|
|
'Access-Control-Allow-Origin': '*',
|
|
'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
|
|
};
|
|
|
|
interface IPLocationResponse {
|
|
country: string;
|
|
countryCode: string;
|
|
measurementSystem: 'metric' | 'imperial';
|
|
}
|
|
|
|
// Simple in-memory rate limiter
|
|
const rateLimitMap = new Map<string, { count: number; resetAt: number }>();
|
|
const RATE_LIMIT_WINDOW = 60000; // 1 minute in milliseconds
|
|
const MAX_REQUESTS = 10; // 10 requests per minute per IP
|
|
const MAX_MAP_SIZE = 10000; // Maximum number of IPs to track
|
|
|
|
function cleanupExpiredEntries() {
|
|
try {
|
|
const now = Date.now();
|
|
let deletedCount = 0;
|
|
|
|
for (const [ip, data] of rateLimitMap.entries()) {
|
|
if (now > data.resetAt) {
|
|
rateLimitMap.delete(ip);
|
|
deletedCount++;
|
|
}
|
|
}
|
|
|
|
if (deletedCount > 0) {
|
|
console.log(`Cleaned up ${deletedCount} expired rate limit entries`);
|
|
}
|
|
} catch (error) {
|
|
console.error('Error during cleanup:', error);
|
|
}
|
|
}
|
|
|
|
function checkRateLimit(ip: string): { allowed: boolean; retryAfter?: number } {
|
|
const now = Date.now();
|
|
const existing = rateLimitMap.get(ip);
|
|
|
|
if (!existing || now > existing.resetAt) {
|
|
// If map is too large, clean up expired entries first
|
|
if (rateLimitMap.size >= MAX_MAP_SIZE) {
|
|
cleanupExpiredEntries();
|
|
|
|
// If still too large after cleanup, remove entries based on LRU (oldest resetAt)
|
|
if (rateLimitMap.size >= MAX_MAP_SIZE) {
|
|
const toDelete = Math.floor(MAX_MAP_SIZE * 0.3); // Remove 30% of entries
|
|
const sortedEntries = Array.from(rateLimitMap.entries())
|
|
.sort((a, b) => a[1].resetAt - b[1].resetAt);
|
|
|
|
for (let i = 0; i < toDelete && i < sortedEntries.length; i++) {
|
|
rateLimitMap.delete(sortedEntries[i][0]);
|
|
}
|
|
|
|
console.warn(`Rate limit map reached ${MAX_MAP_SIZE} entries. Cleared ${toDelete} oldest entries.`);
|
|
}
|
|
}
|
|
|
|
// Create new entry or reset expired entry
|
|
rateLimitMap.set(ip, { count: 1, resetAt: now + RATE_LIMIT_WINDOW });
|
|
return { allowed: true };
|
|
}
|
|
|
|
if (existing.count >= MAX_REQUESTS) {
|
|
const retryAfter = Math.ceil((existing.resetAt - now) / 1000);
|
|
return { allowed: false, retryAfter };
|
|
}
|
|
|
|
existing.count++;
|
|
return { allowed: true };
|
|
}
|
|
|
|
// Clean up old entries periodically to prevent memory leak
|
|
// Run cleanup more frequently to catch expired entries sooner
|
|
setInterval(cleanupExpiredEntries, Math.min(RATE_LIMIT_WINDOW / 2, 30000)); // Every 30 seconds or half the window
|
|
|
|
serve(async (req) => {
|
|
// Handle CORS preflight requests
|
|
if (req.method === 'OPTIONS') {
|
|
return new Response(null, { headers: corsHeaders });
|
|
}
|
|
|
|
try {
|
|
// Get the client's IP address
|
|
const forwarded = req.headers.get('x-forwarded-for');
|
|
const realIP = req.headers.get('x-real-ip');
|
|
const clientIP = forwarded?.split(',')[0] || realIP || '8.8.8.8'; // fallback to Google DNS for testing
|
|
|
|
// Check rate limit
|
|
const rateLimit = checkRateLimit(clientIP);
|
|
if (!rateLimit.allowed) {
|
|
return new Response(
|
|
JSON.stringify({
|
|
error: 'Rate limit exceeded',
|
|
message: 'Too many requests. Please try again later.',
|
|
retryAfter: rateLimit.retryAfter
|
|
}),
|
|
{
|
|
status: 429,
|
|
headers: {
|
|
...corsHeaders,
|
|
'Content-Type': 'application/json',
|
|
'Retry-After': String(rateLimit.retryAfter || 60)
|
|
}
|
|
}
|
|
);
|
|
}
|
|
|
|
console.log('Detecting location for IP:', clientIP);
|
|
|
|
// Use configurable geolocation service with proper error handling
|
|
// Defaults to ip-api.com if not configured
|
|
const geoApiUrl = Deno.env.get('GEOLOCATION_API_URL') || 'http://ip-api.com/json';
|
|
const geoApiFields = Deno.env.get('GEOLOCATION_API_FIELDS') || 'status,country,countryCode';
|
|
|
|
let geoResponse;
|
|
try {
|
|
geoResponse = await fetch(`${geoApiUrl}/${clientIP}?fields=${geoApiFields}`);
|
|
} catch (fetchError) {
|
|
console.error('Network error fetching location data:', fetchError);
|
|
throw new Error('Network error: Unable to reach geolocation service');
|
|
}
|
|
|
|
if (!geoResponse.ok) {
|
|
throw new Error(`Geolocation service returned ${geoResponse.status}: ${geoResponse.statusText}`);
|
|
}
|
|
|
|
let geoData;
|
|
try {
|
|
geoData = await geoResponse.json();
|
|
} catch (parseError) {
|
|
console.error('Failed to parse geolocation response:', parseError);
|
|
throw new Error('Invalid response format from geolocation service');
|
|
}
|
|
|
|
if (geoData.status !== 'success') {
|
|
throw new Error(`Geolocation failed: ${geoData.message || 'Invalid location data'}`);
|
|
}
|
|
|
|
// Countries that primarily use imperial system
|
|
const imperialCountries = ['US', 'LR', 'MM']; // USA, Liberia, Myanmar
|
|
const measurementSystem = imperialCountries.includes(geoData.countryCode) ? 'imperial' : 'metric';
|
|
|
|
const result: IPLocationResponse = {
|
|
country: geoData.country,
|
|
countryCode: geoData.countryCode,
|
|
measurementSystem
|
|
};
|
|
|
|
console.log('Location detected:', result);
|
|
|
|
return new Response(
|
|
JSON.stringify(result),
|
|
{
|
|
headers: {
|
|
...corsHeaders,
|
|
'Content-Type': 'application/json'
|
|
}
|
|
}
|
|
);
|
|
|
|
} catch (error) {
|
|
console.error('Error detecting location:', error);
|
|
|
|
// Return default (metric) with 500 status to indicate error occurred
|
|
// This allows proper error monitoring while still providing fallback data
|
|
const defaultResult: IPLocationResponse = {
|
|
country: 'Unknown',
|
|
countryCode: 'XX',
|
|
measurementSystem: 'metric'
|
|
};
|
|
|
|
return new Response(
|
|
JSON.stringify({
|
|
...defaultResult,
|
|
error: error instanceof Error ? error.message : 'Failed to detect location',
|
|
fallback: true
|
|
}),
|
|
{
|
|
headers: {
|
|
...corsHeaders,
|
|
'Content-Type': 'application/json'
|
|
},
|
|
status: 500
|
|
}
|
|
);
|
|
}
|
|
}); |