Merge pull request #8 from cl-aaron/master

cl-aaron · cl-aaron · commit 8d3628b986aa · 2014-06-12T16:57:57.000-07:00
Refactored to use ratelimiter module, clarify names, and formatting
diff --git a/README.md b/README.md
@@ -2,7 +2,6 @@
 
 A simple ip based rate limiting plugin for Hapi using Redis.
 
-WARNING: This is not sufficient protection against DDoS attacks.
 
 ##Installation
   npm install hapi-ratelimit
@@ -16,7 +15,7 @@ var server = Hapi.createServer();
 var rateOpts = {
   redis:{port:#redis-port#, host:#redis-host#},
   namespace:"clhr", //namespace for redis keys
-  global: {limit: 200, bucketLength: 60 } //Set limit to -1 or leave out global to disable global limit
+  global: {limit: 200, duration: 60 } //Set limit to -1 or leave out global to disable global limit
   //The global limit is not given priority over local limits
 };
 server.route({
@@ -25,7 +24,7 @@ server.route({
   handler: someHandler,
   configs: {
     plugins: {
-       "hapi-ratelimit": {limit: 100, bucketLength: 60} //limits to one hundred hits per minute on a specific route
+       "hapi-ratelimit": {limit: 100, duration: 60} //limits to one hundred hits per minute on a specific route
     }
   }
 });
diff --git a/lib/index.js b/lib/index.js
@@ -1,67 +1,58 @@
 'use strict';
 
 var redis = require('redis');
+var Limiter = require('ratelimiter');
 
 var internals = {};
 
 internals.defaults = {
   namespace: 'clhr',
   global: {
     limit: -1,
-    bucketLength: 1
+    duration: 1
   },
   redis: {}
 };
 
+var MILLISECONDS = 1000;
+
 exports.register = function(plugin, options, next) {
   var settings = plugin.hapi.utils.applyToDefaults(internals.defaults, options);
   var redisClient = redis.createClient(options.redis.port, options.redis.host, options.redis.options);
 
   plugin.ext('onPreAuth', function(request, callback) {
     var route = request.route;
-    var limit = route.plugins && route.plugins['hapi-ratelimit'];
-    if (!limit && settings.global.limit > 0) {
-      limit = settings.global;
+    var routeLimit = route.plugins && route.plugins['hapi-ratelimit'];
+    if (!routeLimit && settings.global.limit > 0) {
+      routeLimit = settings.global;
     }
-    if (limit) {
+    if (routeLimit) {
       var ipts = settings.namespace + ':' + request.info.remoteAddress + ':' + route.path;
+      var routeLimiter = new Limiter({
+        id: ipts,
+        db: redisClient,
+        max: routeLimit.limit,
+        duration: routeLimit.duration * MILLISECONDS
+      });
       var error = null;
-      redisClient.get(ipts, function(err, token) {
+      routeLimiter.get(function(err, rateLimit) {
         if (err) {
           return callback(err);
         }
         request.plugins['hapi-ratelimit'] = {};
-        request.plugins['hapi-ratelimit'].limit = limit.limit;
-        var left = limit.limit - token;
-        request.plugins['hapi-ratelimit'].remaining = left > 0 ? left - 1 : 0; //they've already reached it at this point
-        request.plugins['hapi-ratelimit'].reset = limit.bucketLength;
+        request.plugins['hapi-ratelimit'].limit = rateLimit.total;
+        request.plugins['hapi-ratelimit'].remaining = rateLimit.remaining;
+        request.plugins['hapi-ratelimit'].reset = rateLimit.reset;
 
-        if (token) {
-          if (token >= limit.limit) {
-            error = plugin.hapi.error.badRequest('Rate limit exceeded');
-            error.output.statusCode = 429; // Assign a Too Many Requests response
-            error.output.headers['X-Rate-Limit-Limit'] = request.plugins['hapi-ratelimit'].limit;
-            error.output.headers['X-Rate-Limit-Remaining'] = request.plugins['hapi-ratelimit'].remaining;
-            error.output.headers['X-Rate-Limit-Reset'] = request.plugins['hapi-ratelimit'].reset;
-            error.reformat();
-          }
-          redisClient.incr(ipts, function(err) {
-            if (err) {
-              return callback(err);
-            }
-            return callback(error);
-          });
-        } else {
-          redisClient.multi([
-            ['INCR', ipts],
-            ['EXPIRE', ipts, limit.bucketLength]
-          ]).exec(function(err) {
-            if (err) {
-              return callback(err);
-            }
-            return callback();
-          });
+        if (rateLimit.remaining <= 0) {
+          error = plugin.hapi.error.badRequest('Rate limit exceeded');
+          error.output.statusCode = 429; // Assign a Too Many Requests response
+          error.output.headers['X-Rate-Limit-Limit'] = request.plugins['hapi-ratelimit'].limit;
+          error.output.headers['X-Rate-Limit-Remaining'] = request.plugins['hapi-ratelimit'].remaining;
+          error.output.headers['X-Rate-Limit-Reset'] = request.plugins['hapi-ratelimit'].reset;
+          error.reformat();
         }
+        return callback(error);
       });
     } else {
       return callback();
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "hapi-ratelimit",
-  "version": "0.0.4",
+  "version": "0.0.5",
   "description": "A rate limiting plugin for HAPI.",
   "main": "index.js",
   "scripts": {
@@ -16,7 +16,8 @@
   "author": "Aaron Elligsen",
   "license": "MIT",
   "dependencies": {
-    "redis": "~0.10.0"
+    "redis": "~0.10.0",
+    "ratelimiter": "~1.0.1"
   },
   "devDependencies": {
     "hapi": "~3.1.0",
diff --git a/tests/global-limit.js b/tests/global-limit.js
@@ -15,7 +15,18 @@ describe('Hapi route based rate limiting', function() {
     request(url).get('/testglobal').expect(429, cb);
   }
   it('Should return 429 if global limit is reached', function(done) {
-    async.series([testok, testok, testok, testok, testok, testok, testok, testok, testok, testok, test429], done);
+    async.series([
+      testok,
+      testok,
+      testok,
+      testok,
+      testok,
+      testok,
+      testok,
+      testok,
+      testok,
+      test429
+    ], done);
   });
 
 });
diff --git a/tests/testserver.js b/tests/testserver.js
@@ -18,7 +18,7 @@ server.route([{
     plugins: {
       'hapi-ratelimit': {
         limit: 2,
-        bucketLength: 5
+        duration: 5
       }
     }
   }
@@ -39,7 +39,7 @@ var rateopts = {
   },
   global: {
     limit: 10,
-    bucketLength: 20
+    duration: 20
   }
 };
 server.pack.require('../../hapi-ratelimit', rateopts, function(err) {

Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ server.route([{`
`18`	`18`	`plugins: {`
`19`	`19`	`'hapi-ratelimit': {`
`20`	`20`	`limit: 2,`
`21`		`- bucketLength: 5`
	`21`	`+ duration: 5`
`22`	`22`	`}`
`23`	`23`	`}`
`24`	`24`	`}`
`@@ -39,7 +39,7 @@ var rateopts = {`
`39`	`39`	`},`
`40`	`40`	`global: {`
`41`	`41`	`limit: 10,`
`42`		`- bucketLength: 20`
	`42`	`+ duration: 20`
`43`	`43`	`}`
`44`	`44`	`};`
`45`	`45`	`server.pack.require('../../hapi-ratelimit', rateopts, function(err) {`