-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
10 changed files
with
527 additions
and
505 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,82 @@ | ||
| import type { HashFunction, Rate, RateLimiterPlugin } from '$lib/server'; | ||
| import { defaultHashFunction } from '$lib/server/hashFunction'; | ||
| import type { Cookies, RequestEvent } from '@sveltejs/kit'; | ||
| import { nanoid } from 'nanoid'; | ||
|
|
||
| export type CookieSerializeOptions = NonNullable<Parameters<Cookies['set']>[2]>; | ||
|
|
||
| export type CookieRateLimiterOptions = { | ||
| name: string; | ||
| secret: string; | ||
| rate: Rate | Rate[]; | ||
| preflight: boolean; | ||
| serializeOptions?: CookieSerializeOptions; | ||
| hashFunction?: HashFunction; | ||
| }; | ||
|
|
||
| export class CookieRateLimiter implements RateLimiterPlugin { | ||
| readonly rate: Rate | Rate[]; | ||
| private readonly cookieOptions: CookieSerializeOptions; | ||
| private readonly secret: string; | ||
| private readonly requirePreflight: boolean; | ||
| private readonly cookieId: string; | ||
| private readonly hashFunction: HashFunction; | ||
|
|
||
| constructor(options: CookieRateLimiterOptions) { | ||
| this.cookieId = options.name; | ||
| this.secret = options.secret; | ||
| this.rate = options.rate; | ||
| this.requirePreflight = options.preflight; | ||
| this.hashFunction = options.hashFunction ?? defaultHashFunction; | ||
|
|
||
| this.cookieOptions = { | ||
| path: '/', | ||
| httpOnly: true, | ||
| maxAge: 60 * 60 * 24 * 7, | ||
| sameSite: 'strict', | ||
| ...options.serializeOptions | ||
| }; | ||
| } | ||
|
|
||
| async hash(event: RequestEvent) { | ||
| const currentId = await this.userIdFromCookie( | ||
| event.cookies.get(this.cookieId), | ||
| event | ||
| ); | ||
| return currentId ? currentId : false; | ||
| } | ||
|
|
||
| async preflight(event: RequestEvent): Promise<string> { | ||
| const data = event.cookies.get(this.cookieId); | ||
| if (data) { | ||
| const userId = await this.userIdFromCookie(data, event); | ||
| if (userId) return userId; | ||
| } | ||
|
|
||
| const userId = nanoid(); | ||
|
|
||
| event.cookies.set( | ||
| this.cookieId, | ||
| userId + ';' + (await this.hashFunction(this.secret + userId)), | ||
| this.cookieOptions | ||
| ); | ||
| return userId; | ||
| } | ||
|
|
||
| private async userIdFromCookie( | ||
| cookie: string | undefined, | ||
| event: RequestEvent | ||
| ): Promise<string | null> { | ||
| const empty = () => { | ||
| return this.requirePreflight ? null : this.preflight(event); | ||
| }; | ||
|
|
||
| if (!cookie) return empty(); | ||
| const [userId, secretHash] = cookie.split(';'); | ||
| if (!userId || !secretHash) return empty(); | ||
| if ((await this.hashFunction(this.secret + userId)) != secretHash) { | ||
| return empty(); | ||
| } | ||
| return userId; | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| import type { Rate, RateLimiterPlugin } from '$lib/server'; | ||
| import type { RequestEvent } from '@sveltejs/kit'; | ||
|
|
||
| export class IPRateLimiter implements RateLimiterPlugin { | ||
| readonly rate: Rate | Rate[]; | ||
|
|
||
| constructor(rate: Rate | Rate[]) { | ||
| this.rate = rate; | ||
| } | ||
|
|
||
| async hash(event: RequestEvent) { | ||
| return event.getClientAddress(); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| import type { Rate, RateLimiterPlugin } from '$lib/server'; | ||
| import type { RequestEvent } from '@sveltejs/kit'; | ||
|
|
||
| export class IPUserAgentRateLimiter implements RateLimiterPlugin { | ||
| readonly rate: Rate | Rate[]; | ||
|
|
||
| constructor(rate: Rate | Rate[]) { | ||
| this.rate = rate; | ||
| } | ||
|
|
||
| async hash(event: RequestEvent) { | ||
| const ua = event.request.headers.get('user-agent'); | ||
| if (!ua) return false; | ||
| return event.getClientAddress() + ua; | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| import type { HashFunction } from '$lib/server/index.js'; | ||
|
|
||
| export let defaultHashFunction: HashFunction; | ||
|
|
||
| if (globalThis?.crypto?.subtle) { | ||
| defaultHashFunction = _subtleSha256; | ||
| } | ||
|
|
||
| async function _subtleSha256(str: string) { | ||
| const digest = await crypto.subtle.digest( | ||
| 'SHA-256', | ||
| new TextEncoder().encode(str) | ||
| ); | ||
| return [...new Uint8Array(digest)] | ||
| .map((b) => b.toString(16).padStart(2, '0')) | ||
| .join(''); | ||
| } |
Oops, something went wrong.