chore: Add global rate limit (#582)

arcoraven · web-flow · commit 3f0b01d2dc7c · 2024-07-25T16:29:23.000-07:00
* chore: Add global rate limit

* typo

* merge conflict

* fix build

* expire key
diff --git a/src/server/index.ts b/src/server/index.ts
@@ -15,6 +15,7 @@ import { withErrorHandler } from "./middleware/error";
 import { withExpress } from "./middleware/express";
 import { withRequestLogs } from "./middleware/logs";
 import { withOpenApi } from "./middleware/open-api";
+import { withRateLimit } from "./middleware/rateLimit";
 import { withWebSocket } from "./middleware/websocket";
 import { withRoutes } from "./routes";
 import { writeOpenApiToFile } from "./utils/openapi";
@@ -62,6 +63,7 @@ export const initServer = async () => {
   await withRequestLogs(server);
   await withErrorHandler(server);
   await withEnforceEngineMode(server);
+  await withRateLimit(server);
   await withWebSocket(server);
   await withAuth(server);
   await withExpress(server);
diff --git a/src/server/middleware/rateLimit.ts b/src/server/middleware/rateLimit.ts
@@ -0,0 +1,22 @@
+import { FastifyInstance } from "fastify";
+import { StatusCodes } from "http-status-codes";
+import { env } from "../../utils/env";
+import { redis } from "../../utils/redis/redis";
+import { createCustomError } from "./error";
+
+export const withRateLimit = async (server: FastifyInstance) => {
+  server.addHook("onRequest", async (request, reply) => {
+    const epochTimeInMinutes = Math.floor(new Date().getTime() / (1000 * 60));
+    const key = `rate-limit:global:${epochTimeInMinutes}`;
+    const count = await redis.incr(key);
+    redis.expire(key, 2 * 60);
+
+    if (count > env.GLOBAL_RATE_LIMIT_PER_MIN) {
+      throw createCustomError(
+        `Too many requests. Please reduce your calls to ${env.GLOBAL_RATE_LIMIT_PER_MIN} requests/minute or update the "GLOBAL_RATE_LIMIT_PER_MIN" env var.`,
+        StatusCodes.TOO_MANY_REQUESTS,
+        "TOO_MANY_REQUESTS",
+      );
+    }
+  });
+};
diff --git a/src/utils/env.ts b/src/utils/env.ts
@@ -82,6 +82,7 @@ export const env = createEnv({
     ENGINE_MODE: z
       .enum(["default", "sandbox", "server_only", "worker_only"])
       .default("default"),
+    GLOBAL_RATE_LIMIT_PER_MIN: z.coerce.number().default(400 * 60),
   },
   clientPrefix: "NEVER_USED",
   client: {},
@@ -108,6 +109,7 @@ export const env = createEnv({
       process.env.CONTRACT_SUBSCRIPTIONS_DELAY_SECONDS,
     REDIS_URL: process.env.REDIS_URL,
     ENGINE_MODE: process.env.ENGINE_MODE,
+    GLOBAL_RATE_LIMIT_PER_MIN: process.env.GLOBAL_RATE_LIMIT_PER_MIN,
   },
   onValidationError: (error: ZodError) => {
     console.error(
