spec(backend): APIのレートリミットをバイパスできるように (MisskeyIO#557)

This commit is contained in:
まっちゃとーにゅ 2024-03-21 16:01:58 +09:00 committed by GitHub
parent 9a65c8ca61
commit ee78828dda
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 9 additions and 1 deletions

View File

@ -98,6 +98,8 @@ type Source = {
proxyRemoteFiles?: boolean; proxyRemoteFiles?: boolean;
videoThumbnailGenerator?: string; videoThumbnailGenerator?: string;
bypassRateLimit?: { header: string; value: string }[];
signToActivityPubGet?: boolean; signToActivityPubGet?: boolean;
perChannelMaxNoteCacheCount?: number; perChannelMaxNoteCacheCount?: number;
@ -175,6 +177,7 @@ export type Config = {
mediaProxy: string; mediaProxy: string;
externalMediaProxyEnabled: boolean; externalMediaProxyEnabled: boolean;
videoThumbnailGenerator: string | null; videoThumbnailGenerator: string | null;
bypassRateLimit: { header: string; value: string }[] | undefined;
redis: RedisOptions & RedisOptionsSource; redis: RedisOptions & RedisOptionsSource;
redisForPubsub: RedisOptions & RedisOptionsSource; redisForPubsub: RedisOptions & RedisOptionsSource;
redisForSystemQueue: RedisOptions & RedisOptionsSource; redisForSystemQueue: RedisOptions & RedisOptionsSource;
@ -288,6 +291,7 @@ export function loadConfig(): Config {
videoThumbnailGenerator: config.videoThumbnailGenerator ? videoThumbnailGenerator: config.videoThumbnailGenerator ?
config.videoThumbnailGenerator.endsWith('/') ? config.videoThumbnailGenerator.substring(0, config.videoThumbnailGenerator.length - 1) : config.videoThumbnailGenerator config.videoThumbnailGenerator.endsWith('/') ? config.videoThumbnailGenerator.substring(0, config.videoThumbnailGenerator.length - 1) : config.videoThumbnailGenerator
: null, : null,
bypassRateLimit: config.bypassRateLimit,
userAgent: `Misskey/${version} (${config.url})`, userAgent: `Misskey/${version} (${config.url})`,
clientEntry: clientManifest['src/_boot_.ts'], clientEntry: clientManifest['src/_boot_.ts'],
clientManifestExists: clientManifestExists, clientManifestExists: clientManifestExists,

View File

@ -18,6 +18,7 @@ import { createTemp } from '@/misc/create-temp.js';
import { bindThis } from '@/decorators.js'; import { bindThis } from '@/decorators.js';
import { RoleService } from '@/core/RoleService.js'; import { RoleService } from '@/core/RoleService.js';
import { IdentifiableError } from '@/misc/identifiable-error.js'; import { IdentifiableError } from '@/misc/identifiable-error.js';
import type { Config } from '@/config.js';
import { ApiError } from './error.js'; import { ApiError } from './error.js';
import { RateLimiterService } from './RateLimiterService.js'; import { RateLimiterService } from './RateLimiterService.js';
import { ApiLoggerService } from './ApiLoggerService.js'; import { ApiLoggerService } from './ApiLoggerService.js';
@ -39,6 +40,8 @@ export class ApiCallService implements OnApplicationShutdown {
private userIpHistoriesClearIntervalId: NodeJS.Timeout; private userIpHistoriesClearIntervalId: NodeJS.Timeout;
constructor( constructor(
@Inject(DI.config)
private config: Config,
@Inject(DI.userIpsRepository) @Inject(DI.userIpsRepository)
private userIpsRepository: UserIpsRepository, private userIpsRepository: UserIpsRepository,
@ -243,7 +246,8 @@ export class ApiCallService implements OnApplicationShutdown {
throw new ApiError(accessDenied); throw new ApiError(accessDenied);
} }
if (ep.meta.limit) { const bypassRateLimit = this.config.bypassRateLimit?.some(({ header, value }) => request.headers[header] === value) ?? false;
if (ep.meta.limit && !bypassRateLimit) {
// koa will automatically load the `X-Forwarded-For` header if `proxy: true` is configured in the app. // koa will automatically load the `X-Forwarded-For` header if `proxy: true` is configured in the app.
let limitActor: string; let limitActor: string;
if (user) { if (user) {