API v3 Rate Limiter (#12117)

* simplify ip address management by using the trust proxy express option

* add setupExpress file

* fix redirects middleware tests

* fix lint

* short circuit the ip blocking middleware

* basic implementation with ip based limiting

* improve logging

* upgrade apidoc

* apidoc: add introduction section

* fix lint

* fix tests

* fix lint

* add unit tests for rate limiter

* do not send retry-after header when points are available

* automatically fix lint

* fix more lint issues

* use userId as key for rate limit when available
Matteo Pagliazzi
2020-07-17 16:13:51 +02:00
parent e3bcc48481
commit e7c8833c9a
15 changed files with 332 additions and 61 deletions


@@ -27,6 +27,7 @@ export default {
missingSubKey: 'Missing "req.query.sub"',
ipAddressBlocked: 'This IP address has been blocked from accessing Habitica. This may be due to a breach of our Terms of Service or technical issue originating at this IP address. For details or to ask to be unblocked, please email admin@habitica.com or ask your parent or guardian to email them. Include your Habitica @ Username or User Id in the email if you have one.',
clientRateLimited: 'This IP address has been rate limited due to an excess amount of API requests. More info can be found in the response headers.',
invalidPlatform: 'Invalid platform specified',
};
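
Review bot: the `clientRateLimited` string says "This IP address has been rate limited", but the commit message says the limiter uses userId as the key when one is available, so for authenticated requests the text attributes the limit to the wrong thing. Consider wording that does not name the key (for example "You have been rate limited ..."), or separate strings for the IP-keyed and user-keyed cases. Two smaller points on the same line: "an excess amount of API requests" reads better as "an excessive number of API requests", and "More info can be found in the response headers" would be more useful to API clients if it named the headers to look at, such as the Retry-After header the commit message mentions.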