Added rate limiting to all methods

2020-06-06 14:23:13 +02:00
parent 93d566e263
commit ea8d036c72
16 changed files with 252 additions and 0 deletions
--- a/app/imports/api/creature/CreatureProperties.js
+++ b/app/imports/api/creature/CreatureProperties.js
@@ -1,5 +1,6 @@
 import { Meteor } from 'meteor/meteor';
 import { Mongo } from 'meteor/mongo';
+import { RateLimiterMixin } from 'ddp-rate-limiter-mixin';
 import { ValidatedMethod } from 'meteor/mdg:validated-method';
 import SimpleSchema from 'simpl-schema';
 import ColorSchema from '/imports/api/properties/subSchemas/ColorSchema.js';
@@ -78,6 +79,11 @@ function recomputeCreatures(property){
 const insertProperty = new ValidatedMethod({
  name: 'creatureProperties.insert',
 	validate: null,
+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 5,
+    timeInterval: 5000,
+  },
  run({creatureProperty}) {
    delete creatureProperty._id;
    assertPropertyEditPermission(creatureProperty, this.userId);
@@ -95,6 +101,11 @@ const duplicateProperty = new ValidatedMethod({
      regEx: SimpleSchema.RegEx.Id,
    }
  }).validator(),
+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 5,
+    timeInterval: 5000,
+  },
  run({_id}) {
    let creatureProperty = CreatureProperties.findOne(_id);
    assertPropertyEditPermission(creatureProperty, this.userId);
@@ -115,6 +126,11 @@ const insertPropertyFromLibraryNode = new ValidatedMethod({
 			type: RefSchema,
 		},
 	}).validator(),
+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 5,
+    timeInterval: 5000,
+  },
 	run({nodeId, parentRef}) {
 		// get the new ancestry for the properties
 		let {parentDoc, ancestors} = getAncestry({parentRef});
@@ -192,6 +208,11 @@ const updateProperty = new ValidatedMethod({
 				'This property can\'t be updated directly');
 		}
  },
+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 5,
+    timeInterval: 5000,
+  },
  run({_id, path, value}) {
    let property = CreatureProperties.findOne(_id);
    assertPropertyEditPermission(property, this.userId);
@@ -220,6 +241,11 @@ const damageProperty = new ValidatedMethod({
    },
    value: Number,
  }).validator(),
+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 5,
+    timeInterval: 5000,
+  },
  run({_id, operation, value}) {
 		let currentProperty = CreatureProperties.findOne(_id);
 		// Check permissions
@@ -274,6 +300,11 @@ const adjustQuantity = new ValidatedMethod({
    },
    value: Number,
  }).validator(),
+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 5,
+    timeInterval: 5000,
+  },
  run({_id, operation, value}) {
 		let currentProperty = CreatureProperties.findOne(_id);
 		// Check permissions
@@ -309,6 +340,11 @@ const adjustQuantity = new ValidatedMethod({
 const pushToProperty = new ValidatedMethod({
 	name: 'creatureProperties.push',
 	validate: null,
+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 5,
+    timeInterval: 5000,
+  },
 	run({_id, path, value}){
 		let property = CreatureProperties.findOne(_id);
    assertPropertyEditPermission(property, this.userId);
@@ -324,6 +360,11 @@ const pushToProperty = new ValidatedMethod({
 const pullFromProperty = new ValidatedMethod({
 	name: 'creatureProperties.pull',
 	validate: null,
+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 5,
+    timeInterval: 5000,
+  },
 	run({_id, path, itemId}){
 		let property = CreatureProperties.findOne(_id);
    assertPropertyEditPermission(property, this.userId);
@@ -342,6 +383,11 @@ const softRemoveProperty = new ValidatedMethod({
 	validate: new SimpleSchema({
 		_id: SimpleSchema.RegEx.Id
 	}).validator(),
+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 5,
+    timeInterval: 5000,
+  },
 	run({_id}){
 		let property = CreatureProperties.findOne(_id);
    assertPropertyEditPermission(property, this.userId);
--- a/app/imports/api/creature/Creatures.js
+++ b/app/imports/api/creature/Creatures.js
@@ -1,4 +1,5 @@
 import { ValidatedMethod } from 'meteor/mdg:validated-method';
+import { RateLimiterMixin } from 'ddp-rate-limiter-mixin';
 import SimpleSchema from 'simpl-schema';
 import deathSaveSchema from '/imports/api/properties/subSchemas/DeathSavesSchema.js'
 import ColorSchema from '/imports/api/properties/subSchemas/ColorSchema.js';
@@ -124,6 +125,12 @@ const insertCreature = new ValidatedMethod({

  validate: null,

+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 5,
+    timeInterval: 5000,
+  },
+
  run() {
    if (!this.userId) {
      throw new Meteor.Error('Creatures.methods.insert.denied',
@@ -164,6 +171,11 @@ const updateCreature = new ValidatedMethod({
      'This field can\'t be updated using this method');
 		}
  },
+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 5,
+    timeInterval: 5000,
+  },
  run({_id, path, value}) {
 		let creature = Creatures.findOne(_id);
    assertEditPermission(creature, this.userId);
--- a/app/imports/api/creature/computation/recomputeCreature.js
+++ b/app/imports/api/creature/computation/recomputeCreature.js
@@ -1,4 +1,5 @@
 import { ValidatedMethod } from 'meteor/mdg:validated-method';
+import { RateLimiterMixin } from 'ddp-rate-limiter-mixin';
 import SimpleSchema from 'simpl-schema';
 import { assertEditPermission } from '/imports/api/creature/creaturePermissions.js';
 import ComputationMemo from '/imports/api/creature/computation/ComputationMemo.js';
@@ -17,6 +18,12 @@ export const recomputeCreature = new ValidatedMethod({
    charId: { type: String }
  }).validator(),

+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 5,
+    timeInterval: 5000,
+  },
+
  run({charId}) {
    let creature = Creatures.findOne(charId);
    // Permission
--- a/app/imports/api/creature/damageMultiplierDenormalise/recomputeDamageMultipliers.js
+++ b/app/imports/api/creature/damageMultiplierDenormalise/recomputeDamageMultipliers.js
@@ -1,4 +1,5 @@
 import { ValidatedMethod } from 'meteor/mdg:validated-method';
+import { RateLimiterMixin } from 'ddp-rate-limiter-mixin';
 import SimpleSchema from 'simpl-schema';
 import { assertEditPermission } from '/imports/api/creature/creaturePermissions.js';
 import Creatures from '/imports/api/creature/Creatures.js';
@@ -12,6 +13,12 @@ export const recomputeDamageMultipliers = new ValidatedMethod({
    creatureId: { type: String }
  }).validator(),

+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 5,
+    timeInterval: 5000,
+  },
+
  run({creatureId}) {
    // Permission
    assertEditPermission(creatureId, this.userId);
--- a/app/imports/api/creature/experience/Experiences.js
+++ b/app/imports/api/creature/experience/Experiences.js
@@ -1,5 +1,6 @@
 import SimpleSchema from 'simpl-schema';
 import { ValidatedMethod } from 'meteor/mdg:validated-method';
+import { RateLimiterMixin } from 'ddp-rate-limiter-mixin';
 import { getUserTier } from '/imports/api/users/patreon/tiers.js';
 import { assertEditPermission } from '/imports/api/creature/creaturePermissions.js';
 import Creatures from '/imports/api/creature/Creatures.js';
@@ -78,6 +79,11 @@ const insertExperience = new ValidatedMethod({
      regEx: SimpleSchema.RegEx.Id,
    },
  }).validator(),
+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 5,
+    timeInterval: 5000,
+  },
  run({experience, creatureIds}) {
    let userId = this.userId;
    if (!userId) {
@@ -106,6 +112,11 @@ const removeExperience = new ValidatedMethod({
      regEx: SimpleSchema.RegEx.Id,
    },
  }).validator(),
+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 5,
+    timeInterval: 5000,
+  },
  run({experienceId}) {
    let userId = this.userId;
    if (!userId) {
@@ -146,6 +157,11 @@ const recomputeExperiences = new ValidatedMethod({
      regEx: SimpleSchema.RegEx.Id,
    },
  }).validator(),
+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 5,
+    timeInterval: 5000,
+  },
  run({creatureId}) {
    let userId = this.userId;
    if (!userId) {
--- a/app/imports/api/creature/removeCreature.js
+++ b/app/imports/api/creature/removeCreature.js
@@ -1,5 +1,6 @@
 import SimpleSchema from 'simpl-schema';
 import { ValidatedMethod } from 'meteor/mdg:validated-method';
+import { RateLimiterMixin } from 'ddp-rate-limiter-mixin';
 import Creatures from '/imports/api/creature/Creatures.js';
 import CreatureProperties from '/imports/api/creature/CreatureProperties.js'
 import { assertOwnership } from '/imports/api/creature/creaturePermissions.js';
@@ -18,6 +19,11 @@ const removeCreature = new ValidatedMethod({
      regEx: SimpleSchema.RegEx.Id,
    },
  }).validator(),
+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 5,
+    timeInterval: 5000,
+  },
  run({charId}) {
    assertOwnership(charId, this.userId)
    Creatures.remove(charId);
--- a/app/imports/api/creature/restCreature.js
+++ b/app/imports/api/creature/restCreature.js
@@ -1,5 +1,6 @@
 import SimpleSchema from 'simpl-schema';
 import { ValidatedMethod } from 'meteor/mdg:validated-method';
+import { RateLimiterMixin } from 'ddp-rate-limiter-mixin';
 import Creatures from '/imports/api/creature/Creatures.js';
 import CreatureProperties from '/imports/api/creature/CreatureProperties.js';
 import getActiveProperties, { getActivePropertyFilter } from '/imports/api/creature/getActiveProperties.js';
@@ -18,6 +19,11 @@ const restCreature = new ValidatedMethod({
      allowedValues: ['shortRest', 'longRest'],
    },
  }).validator(),
+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 5,
+    timeInterval: 5000,
+  },
  run({creatureId, restType}) {
    let creature = Creatures.findOne(creatureId, {
      fields: {