BradNut/TofuStack
1
0
Fork 0
mirror of https://github.com/BradNut/TofuStack synced 2025-09-08 17:40:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

added rate limiter middleware

Browse source
This commit is contained in:
rykuno 2024-06-25 11:14:45 -05:00
parent 1fe545090e
commit 013ef0aa58
10 changed files with 48 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
src/app.d.ts vendored
View file

@ -1,6 +1,7 @@
import { ApiClient } from '$lib/server/api';
import type { User } from 'lucia';
import {parseApiResponse} from '$lib/utils/api'
import { parseApiResponse } from '$lib/utils/api'
import type { Security } from '$lib/utils/security';
// See https://kit.svelte.dev/docs/types#app
// for information about these interfaces
@ -13,17 +14,17 @@ declare global {
getAuthedUser: () => Promise<Returned<User> | null>;
getAuthedUserOrThrow: () => Promise<Returned<User>>;
}
// interface PageData {}
// interface PageState {}
// interface Platform {}
namespace Superforms {
type Message = {
type: 'error' | 'success',
text: string
}
}
type Message = {
type: 'error' | 'success',
text: string
}
}
}
}
export {};
export { };

1
src/hooks.server.ts
View file

@ -15,7 +15,6 @@ const apiClient: Handle = async ({ event, resolve }) => {
}
});
/* ----------------------------- Auth functions ----------------------------- */
async function getAuthedUser() {
const { data } = await api.iam.user.$get().then(parseApiResponse)

2
src/lib/server/api/controllers/iam.controller.ts
View file

@ -5,13 +5,13 @@ import { IamService } from '../services/iam.service';
import { signInEmailDto } from '../../../dtos/signin-email.dto';
import { setCookie } from 'hono/cookie';
import { LuciaProvider } from '../providers/lucia.provider';
import { requireAuth } from '../middleware/require-auth.middleware';
import { updateEmailDto } from '../../../dtos/update-email.dto';
import { verifyEmailDto } from '../../../dtos/verify-email.dto';
import { Hono } from 'hono';
import type { HonoTypes } from '../types';
import type { Controller } from '../interfaces/controller.interface';
import { limiter } from '../middleware/rate-limiter.middlware';
import { requireAuth } from '../middleware/auth.middleware';
/* -------------------------------------------------------------------------- */
/* Controller */

13
src/lib/server/api/middleware/auth-session.middleware.ts → src/lib/server/api/middleware/auth.middleware.ts
View file

@ -3,6 +3,8 @@ import { createMiddleware } from 'hono/factory';
import type { HonoTypes } from '../types';
import { lucia } from '../infrastructure/auth/lucia';
import { verifyRequestOrigin } from 'lucia';
import type { Session, User } from 'lucia';
import { Unauthorized } from '../common/errors';
export const verifyOrigin: MiddlewareHandler<HonoTypes> = createMiddleware(async (c, next) => {
if (c.req.method === "GET") {
@ -35,3 +37,14 @@ export const validateAuthSession: MiddlewareHandler<HonoTypes> = createMiddlewar
c.set("user", user);
return next();
})
export const requireAuth: MiddlewareHandler<{
Variables: {
session: Session;
user: User;
};
}> = createMiddleware(async (c, next) => {
const user = c.var.user;
if (!user) throw Unauthorized('You must be logged in to access this resource');
return next();
});

8
src/lib/server/api/middleware/rate-limiter.middlware.ts
View file

@ -5,18 +5,16 @@ import type { HonoTypes } from "../types";
const client = new RedisClient()
type LimiterProps = {
export function limiter({ limit, minutes, key = "" }: {
limit: number;
minutes: number;
key?: string;
}
export function limiter({limit, minutes, key = ""}: LimiterProps) {
}) {
return rateLimiter({
windowMs: minutes * 60 * 1000, // every x minutes
limit, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
standardHeaders: "draft-6", // draft-6: `RateLimit-*` headers; draft-7: combined `RateLimit` header
keyGenerator: (c) => {
keyGenerator: (c) => {
const vars = c.var as HonoTypes['Variables'];
const clientKey = vars.user?.id || c.req.header("x-forwarded-for");
const pathKey = key || c.req.routePath;

15
src/lib/server/api/middleware/require-auth.middleware.ts
View file

@ -1,15 +0,0 @@
import type { MiddlewareHandler } from 'hono';
import { createMiddleware } from 'hono/factory';
import type { Session, User } from 'lucia';
import { Unauthorized } from '../common/errors';
export const requireAuth: MiddlewareHandler<{
Variables: {
session: Session;
user: User;
};
}> = createMiddleware(async (c, next) => {
const user = c.var.user;
if (!user) throw Unauthorized('You must be logged in to access this resource');
return next();
});

24
src/lib/server/api/services/iam.service.ts
View file

@ -33,7 +33,7 @@ export class IamService {
@inject(TokensService) private tokensService: TokensService,
@inject(MailerService) private mailerService: MailerService,
@inject(LuciaProvider) private lucia: LuciaProvider
) {}
) { }
async registerEmail(data: RegisterEmailDto) {
const existingUser = await this.usersRepository.findOneByEmail(data.email);
@ -48,16 +48,10 @@ export class IamService {
async signinEmail(data: SignInEmailDto) {
const user = await this.usersRepository.findOneByEmail(data.email);
if (!user) {
throw BadRequest('Bad credentials');
}
if (!user) throw BadRequest('Bad credentials');
const isValidToken = await this.tokensService.validateToken(user.id, data.token);
if (!isValidToken) {
throw BadRequest('Bad credentials');
}
if (!isValidToken) throw BadRequest('Bad credentials');
// if this is a new unverified user, send a welcome email and update the user
if (!user.verified) {
@ -73,17 +67,11 @@ export class IamService {
async verifyEmail(userId: string, token: string) {
const user = await this.usersRepository.findOneById(userId);
if (!user) {
throw BadRequest('User not found');
}
if (!user) throw BadRequest('User not found');
const validToken = await this.tokensService.validateToken(user.id, token);
if (!validToken) {
throw BadRequest('Invalid token');
}
if (!validToken) throw BadRequest('Invalid token');
await this.usersRepository.update(user.id, { email: validToken.email });
}

10
src/routes/(app)/+layout.svelte
View file

@ -3,16 +3,14 @@
import Menu from 'lucide-svelte/icons/menu';
import Package2 from 'lucide-svelte/icons/package-2';
import Search from 'lucide-svelte/icons/search';
import { Button } from '$lib/components/ui/button/index.js';
import * as Card from '$lib/components/ui/card/index.js';
import { Checkbox } from '$lib/components/ui/checkbox/index.js';
import * as DropdownMenu from '$lib/components/ui/dropdown-menu/index.js';
import { Input } from '$lib/components/ui/input/index.js';
import * as Sheet from '$lib/components/ui/sheet/index.js';
import { cn } from '$lib/utils/ui';
import HouseIcon from 'lucide-svelte/icons/house';
import { page } from '$app/stores';
import { enhance } from '$app/forms';
let { children } = $props();
@ -98,7 +96,11 @@
<DropdownMenu.Content align="end">
<DropdownMenu.Item href="/settings">Settings</DropdownMenu.Item>
<DropdownMenu.Separator />
<DropdownMenu.Item>Logout</DropdownMenu.Item>
<DropdownMenu.Item>
<form action="/?/logout" method="POST" use:enhance class="w-full">
<button class="w-full text-start cursor-default" type="submit">Logout</button>
</form></DropdownMenu.Item
>
</DropdownMenu.Content>
</DropdownMenu.Root>
</div>

8
src/routes/(app)/+page.server.ts
View file

@ -2,3 +2,11 @@ export const load = async ({ locals }) => {
const user = await locals.getAuthedUser();
return { user: user };
};
export const actions = {
logout: async ({ locals }) => {
console.log("Logging out")
await locals.api.iam.logout.$post()
}
}

4
src/routes/(app)/settings/account/+page.server.ts
View file

@ -3,8 +3,8 @@ import { verifyEmailDto } from "$lib/dtos/verify-email.dto.js";
import { fail, setError, superValidate } from "sveltekit-superforms";
import { zod } from "sveltekit-superforms/adapters";
export let load = async ({ locals }) => {
const authedUser = await locals.getAuthedUserOrThrow();
export let load = async (event) => {
const authedUser = await event.locals.getAuthedUserOrThrow()
return {
authedUser,