From 995374ff48247838df1a763dfaaa38d045e17ca5 Mon Sep 17 00:00:00 2001
From: Overtorment
Date: Thu, 21 Mar 2019 20:49:45 +0000
Subject: [PATCH] ADD: rate limiting
---
 controllers/api.js | 18 +++++++++++++-----
 package-lock.json | 21 +++++++++++++++++++++
 package.json | 1 +
 3 files changed, 35 insertions(+), 5 deletions(-)
diff --git a/controllers/api.js b/controllers/api.js
index cfc6078..01e6d01 100644
--- a/controllers/api.js
+++ b/controllers/api.js
@@ -53,7 +53,14 @@ redis.info(function(err, info) {
 // ######################## ROUTES ########################
-router.post('/create', async function(req, res) {
+const rateLimit = require('express-rate-limit');
+const postLimiter = rateLimit({
+ windowMs: 30 * 60 * 1000,
+ max: 50,
+ message: 'You are going too fast',
+});
+
+router.post('/create', postLimiter, async function(req, res) {
 logger.log('/create', [req.id]);
 if (!(req.body.partnerid && req.body.partnerid === 'bluewallet' && req.body.accounttype)) return errorBadArguments(res);
@@ -63,7 +70,7 @@ router.post('/create', async function(req, res) {
 res.send({ login: u.getLogin(), password: u.getPassword() });
 });
-router.post('/auth', async function(req, res) {
+router.post('/auth', postLimiter, async function(req, res) {
 logger.log('/auth', [req.id]);
 if (!((req.body.login && req.body.password) || req.body.refresh_token)) return errorBadArguments(res);
@@ -84,12 +91,13 @@ router.post('/auth', async function(req, res) {
 }
 });
-router.post('/addinvoice', async function(req, res) {
+router.post('/addinvoice', postLimiter, async function(req, res) {
 logger.log('/addinvoice', [req.id]);
 let u = new User(redis, bitcoinclient, lightning);
 if (!(await u.loadByAuthorization(req.headers.authorization))) {
 return errorBadAuth(res);
 }
+ logger.log('/addinvoice', [req.id, 'userid: ' + u.getUserId()]);
 if (!req.body.amt) return errorBadArguments(res);
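Review bot: The limiter defined at the top of this hunk counts requests per client address (express-rate-limit's default key), and whether that address is the real client or the reverse proxy's depends on Express's `trust proxy` setting, which this commit does not touch and which is not visible here. Behind a proxy with `trust proxy` unset every caller shares one bucket of 50 requests per 30 minutes, so the limiter becomes a site-wide cut-off; with it set too broadly the key is taken from a forwarded header the client controls and the limit no longer binds. Worth pairing this change with an explicit `app.set('trust proxy', …)` matched to the deployment, a comment above `postLimiter` recording that assumption, e.g. `// Keyed by req.ip: requires 'trust proxy' to reflect the real client behind the load balancer`, and moving the new `require` up to the file's other top-level requires (not visible in this hunk) rather than leaving it in the middle of the routes section. Also, `message` is a plain string here while the neighbouring error paths (`errorBadArguments`, `errorBadAuth`) appear to send structured bodies; a JSON `message` object would keep the 429 reply consistent with the API's other errors.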
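Review bot: `/auth` here shares the single `postLimiter` instance, and therefore one per-address counter, with `/create`, `/addinvoice`, `/balance` and `/getinfo` (the later hunks in this file); a wallet that polls `/balance` and `/getinfo` spends the same 50-request budget that is meant to throttle credential guessing on this route, and conversely 50 attempts per 30 minutes is a generous allowance for a login endpoint. Consider a separate, tighter limiter for the unauthenticated `/create` and `/auth` routes and a looser one for the authenticated read endpoints, for example (illustrative values) `const authLimiter = rateLimit({ windowMs: 15 * 60 * 1000, max: 10, message: 'You are going too fast' });` applied on this line in place of `postLimiter`. The handler's body continues past the end of the hunk.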
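Review bot: The log line added near the end of this hunk builds its message with `+` concatenation; a template literal (`` `userid: ${u.getUserId()}` ``) reads more clearly and is the idiom the rest of the new code could follow. Because the limiter runs ahead of `loadByAuthorization`, failed unauthenticated requests and the caller's legitimate authenticated traffic from the same address are counted in one bucket; once `u` is loaded a user-keyed limit would be possible, but that is a follow-up rather than something this hunk needs. The `/addinvoice` handler continues beyond the hunk.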
@@ -243,7 +251,7 @@ router.get('/getbtc', async function(req, res) {
 res.send([{ address }]);
 });
-router.get('/balance', async function(req, res) {
+router.get('/balance', postLimiter, async function(req, res) {
 logger.log('/balance', [req.id]);
 let u = new User(redis, bitcoinclient, lightning);
 if (!(await u.loadByAuthorization(req.headers.authorization))) {
@@ -257,7 +265,7 @@ router.get('/balance', async function(req, res) {
 res.send({ BTC: { AvailableBalance: balance } });
 });
-router.get('/getinfo', async function(req, res) {
+router.get('/getinfo', postLimiter, async function(req, res) {
 logger.log('/getinfo', [req.id]);
 let u = new User(redis, bitcoinclient, lightning);
 if (!(await u.loadByAuthorization(req.headers.authorization))) {
diff --git a/package-lock.json b/package-lock.json
index 3daf61f..9e716c1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1476,6 +1476,11 @@
 }
 }
 },
+ "clone": {
+ "version": "1.0.4",
+ "resolved": "https://registry.npmjs.org/clone/-/clone-1.0.4.tgz",
+ "integrity": "sha1-2jCcwmPfFZlMaIypAheco8fNfH4="
+ },
 "cluster-key-slot": {
 "version": "1.0.12",
 "resolved": "https://registry.npmjs.org/cluster-key-slot/-/cluster-key-slot-1.0.12.tgz",
@@ -1691,6 +1696,14 @@
 "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.3.tgz",
 "integrity": "sha1-s2nW+128E+7PUk+RsHD+7cNXzzQ="
 },
+ "defaults": {
+ "version": "1.0.3",
+ "resolved": "https://registry.npmjs.org/defaults/-/defaults-1.0.3.tgz",
+ "integrity": "sha1-xlYFHpgX2f8I7YgUd/P+QBnz730=",
+ "requires": {
+ "clone": "^1.0.2"
+ }
+ },
 "define-property": {
 "version": "2.0.2",
 "resolved": "https://registry.npmjs.org/define-property/-/define-property-2.0.2.tgz",
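Review bot: `postLimiter` is now attached to GET routes (`/balance` here and `/getinfo` in the next hunk), so the name no longer describes what it guards; a method-neutral name such as `apiLimiter` (or `ipLimiter`, since it keys by address) at the definition and at every use would avoid the mismatch. These two endpoints are the ones a wallet client polls, so with the shared counter a busy client can reach the 50-per-30-minutes ceiling through ordinary refreshes and then be locked out of `/auth` as well; if a single shared instance is kept, its limit should be sized for polling traffic rather than for login attempts. Both handler bodies extend beyond their hunks.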
@@ -2138,6 +2151,14 @@
 "vary": "~1.1.2"
 }
 },
+ "express-rate-limit": {
+ "version": "3.4.0",
+ "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-3.4.0.tgz",
+ "integrity": "sha512-SktWQGHhTQfIOZykiVIaoqmHCptqq177fEbumVytWsMpEqe+g78IFrfzivJTimoCdMZ5+vYJ5/a/w1darXMv+A==",
+ "requires": {
+ "defaults": "^1.0.3"
+ }
+ },
 "extend": {
 "version": "3.0.2",
 "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
diff --git a/package.json b/package.json
index f1fbb5a..e5da71b 100644
--- a/package.json
+++ b/package.json
@@ -26,6 +26,7 @@
 "eslint-config-prettier": "^3.3.0",
 "eslint-plugin-prettier": "^3.0.0",
 "express": "^4.16.4",
+ "express-rate-limit": "^3.4.0",
 "grpc": "^1.17.0-pre1",
 "ioredis": "^4.2.0",
 "jayson": "^2.1.0",