| | const rateLimit = require('express-rate-limit'); |
| | const { limiterCache } = require('@librechat/api'); |
| | const { ViolationTypes } = require('librechat-data-provider'); |
| | const logViolation = require('~/cache/logViolation'); |
| |
|
| | const getEnvironmentVariables = () => { |
| | const FILE_UPLOAD_IP_MAX = parseInt(process.env.FILE_UPLOAD_IP_MAX) || 100; |
| | const FILE_UPLOAD_IP_WINDOW = parseInt(process.env.FILE_UPLOAD_IP_WINDOW) || 15; |
| | const FILE_UPLOAD_USER_MAX = parseInt(process.env.FILE_UPLOAD_USER_MAX) || 50; |
| | const FILE_UPLOAD_USER_WINDOW = parseInt(process.env.FILE_UPLOAD_USER_WINDOW) || 15; |
| | const FILE_UPLOAD_VIOLATION_SCORE = process.env.FILE_UPLOAD_VIOLATION_SCORE; |
| |
|
| | const fileUploadIpWindowMs = FILE_UPLOAD_IP_WINDOW * 60 * 1000; |
| | const fileUploadIpMax = FILE_UPLOAD_IP_MAX; |
| | const fileUploadIpWindowInMinutes = fileUploadIpWindowMs / 60000; |
| |
|
| | const fileUploadUserWindowMs = FILE_UPLOAD_USER_WINDOW * 60 * 1000; |
| | const fileUploadUserMax = FILE_UPLOAD_USER_MAX; |
| | const fileUploadUserWindowInMinutes = fileUploadUserWindowMs / 60000; |
| |
|
| | return { |
| | fileUploadIpWindowMs, |
| | fileUploadIpMax, |
| | fileUploadIpWindowInMinutes, |
| | fileUploadUserWindowMs, |
| | fileUploadUserMax, |
| | fileUploadUserWindowInMinutes, |
| | fileUploadViolationScore: FILE_UPLOAD_VIOLATION_SCORE, |
| | }; |
| | }; |
| |
|
| | const createFileUploadHandler = (ip = true) => { |
| | const { |
| | fileUploadIpMax, |
| | fileUploadIpWindowInMinutes, |
| | fileUploadUserMax, |
| | fileUploadUserWindowInMinutes, |
| | fileUploadViolationScore, |
| | } = getEnvironmentVariables(); |
| |
|
| | return async (req, res) => { |
| | const type = ViolationTypes.FILE_UPLOAD_LIMIT; |
| | const errorMessage = { |
| | type, |
| | max: ip ? fileUploadIpMax : fileUploadUserMax, |
| | limiter: ip ? 'ip' : 'user', |
| | windowInMinutes: ip ? fileUploadIpWindowInMinutes : fileUploadUserWindowInMinutes, |
| | }; |
| |
|
| | await logViolation(req, res, type, errorMessage, fileUploadViolationScore); |
| | res.status(429).json({ message: 'Too many file upload requests. Try again later' }); |
| | }; |
| | }; |
| |
|
| | const createFileLimiters = () => { |
| | const { fileUploadIpWindowMs, fileUploadIpMax, fileUploadUserWindowMs, fileUploadUserMax } = |
| | getEnvironmentVariables(); |
| |
|
| | const ipLimiterOptions = { |
| | windowMs: fileUploadIpWindowMs, |
| | max: fileUploadIpMax, |
| | handler: createFileUploadHandler(), |
| | store: limiterCache('file_upload_ip_limiter'), |
| | }; |
| |
|
| | const userLimiterOptions = { |
| | windowMs: fileUploadUserWindowMs, |
| | max: fileUploadUserMax, |
| | handler: createFileUploadHandler(false), |
| | keyGenerator: function (req) { |
| | return req.user?.id; |
| | }, |
| | store: limiterCache('file_upload_user_limiter'), |
| | }; |
| |
|
| | const fileUploadIpLimiter = rateLimit(ipLimiterOptions); |
| | const fileUploadUserLimiter = rateLimit(userLimiterOptions); |
| |
|
| | return { fileUploadIpLimiter, fileUploadUserLimiter }; |
| | }; |
| |
|
| | module.exports = { |
| | createFileLimiters, |
| | }; |
| |
|
