Skip to content

Commit

Permalink
Get rate limit ip correctly (bluesky-social#1577)
Browse files Browse the repository at this point in the history
* get rate limit ip correctly

* comment
  • Loading branch information
dholms authored Sep 12, 2023
1 parent b14e716 commit 28fb1f4
Show file tree
Hide file tree
Showing 4 changed files with 5 additions and 7 deletions.
1 change: 1 addition & 0 deletions packages/pds/src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -137,6 +137,7 @@ export class PDS {
)

const app = express()
app.set('trust proxy', true)
app.use(cors())
app.use(loggerMiddleware)
app.use(compression())
Expand Down
2 changes: 1 addition & 1 deletion packages/xrpc-server/src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,4 @@ export * from './stream'
export * from './rate-limiter'

export type { ServerTiming } from './util'
export { getReqIp, serverTimingHeader, ServerTimer } from './util'
export { serverTimingHeader, ServerTimer } from './util'
5 changes: 3 additions & 2 deletions packages/xrpc-server/src/rate-limiter.ts
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ import {
RateLimiterStatus,
XRPCReqContext,
} from './types'
import { getReqIp } from './util'

export type RateLimiterOpts = {
keyPrefix: string
Expand Down Expand Up @@ -155,5 +154,7 @@ export const getTightestLimit = (
return lowest
}

const defaultKey: CalcKeyFn = (ctx: XRPCReqContext) => getReqIp(ctx.req)
// when using a proxy, ensure headers are getting forwarded correctly: `app.set('trust proxy', true)`
// https://expressjs.com/en/guide/behind-proxies.html
const defaultKey: CalcKeyFn = (ctx: XRPCReqContext) => ctx.req.ip
const defaultPoints: CalcPointsFn = () => 1
4 changes: 0 additions & 4 deletions packages/xrpc-server/src/util.ts
Original file line number Diff line number Diff line change
Expand Up @@ -268,10 +268,6 @@ function decodeBodyStream(
return stream
}

export const getReqIp = (req: express.Request): string => {
return req.ips.at(-1) ?? req.ip
}

export function serverTimingHeader(timings: ServerTiming[]) {
return timings
.map((timing) => {
Expand Down

0 comments on commit 28fb1f4

Please sign in to comment.