commons-by-codezela/lib/rate-limit.ts at main · codezelat/commons-by-codezela · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
import "server-only";

import { createHash } from "crypto";
import { execute, queryOne } from "@/lib/db";

export class RateLimitError extends Error {
  retryAfterSeconds: number;

  constructor(message: string, retryAfterSeconds: number) {
    super(message);
    this.name = "RateLimitError";
    this.retryAfterSeconds = retryAfterSeconds;
  }
}

interface RateLimitOptions {
  key: string;
  limit: number;
  windowSeconds: number;
}

function getBucketStart(windowSeconds: number): string {
  const nowSeconds = Math.floor(Date.now() / 1000);
  const bucketSeconds = Math.floor(nowSeconds / windowSeconds) * windowSeconds;
  return new Date(bucketSeconds * 1000).toISOString();
}

function getHashedKey(rawKey: string): string {
  return createHash("sha256").update(rawKey).digest("hex");
}

async function cleanupOldBuckets() {
  if (Math.random() > 0.02) {
    return;
  }
  await execute(
    `DELETE FROM rate_limit_bucket
     WHERE bucket_start < NOW() - INTERVAL '3 days'`,
  );
}

export async function enforceRateLimit(options: RateLimitOptions): Promise<void> {
  const limit = Math.max(1, Math.floor(options.limit));
  const windowSeconds = Math.max(1, Math.floor(options.windowSeconds));
  const rateKey = getHashedKey(options.key);
  const bucketStart = getBucketStart(windowSeconds);

  await cleanupOldBuckets();

  const result = await queryOne<{ count: number }>(
    `INSERT INTO rate_limit_bucket (rate_key, bucket_start, count, updated_at)
     VALUES ($1, $2, 1, NOW())
     ON CONFLICT (rate_key, bucket_start)
     DO UPDATE
       SET count = rate_limit_bucket.count + 1,
           updated_at = NOW()
     RETURNING count`,
    [rateKey, bucketStart],
  );

  const count = Number(result?.count || 0);
  if (count <= limit) {
    return;
  }

  const nowMs = Date.now();
  const retryAfterSeconds = Math.max(
    1,
    Math.ceil((new Date(bucketStart).getTime() + windowSeconds * 1000 - nowMs) / 1000),
  );

  throw new RateLimitError("Too many requests. Please try again later.", retryAfterSeconds);
}

export function getClientIpFromHeaders(
  headerValue: string | null | undefined,
): string {
  if (!headerValue) {
    return "unknown";
  }
  const first = headerValue.split(",")[0]?.trim();
  return first || "unknown";
}