From 8cdddfa1d0301faeca037843c3f999f4c6346902 Mon Sep 17 00:00:00 2001
From: sean-brydon <55134778+sean-brydon@users.noreply.github.com>
Date: Thu, 27 Jul 2023 09:41:43 +0100
Subject: [PATCH] fix: ratelimit - updates (#10347)
---
 packages/lib/rateLimit.ts | 8 +++++++-
 .../routers/viewer/eventTypes/getByViewer.handler.ts | 6 ++++++
 .../trpc/server/routers/viewer/eventTypes/list.handler.ts | 5 +++++
 3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/packages/lib/rateLimit.ts b/packages/lib/rateLimit.ts
index ab8c4452f9..57bf9f3e80 100644
--- a/packages/lib/rateLimit.ts
+++ b/packages/lib/rateLimit.ts
@@ -7,7 +7,7 @@ import logger from "./logger";
 const log = logger.getChildLogger({ prefix: ["RateLimit"] });
 export type RateLimitHelper = {
- rateLimitingType?: "core" | "forcedSlowMode";
+ rateLimitingType?: "core" | "forcedSlowMode" | "common";
 identifier: string;
 };
@@ -57,6 +57,12 @@ export function rateLimiter() {
 prefix: "ratelimit",
 limiter: Ratelimit.fixedWindow(10, "60s"),
 }),
+ common: new Ratelimit({
+ redis,
+ analytics: true,
+ prefix: "ratelimit",
+ limiter: Ratelimit.fixedWindow(200, "60s"),
+ }),
 forcedSlowMode: new Ratelimit({
 redis,
 analytics: true,
diff --git a/packages/trpc/server/routers/viewer/eventTypes/getByViewer.handler.ts b/packages/trpc/server/routers/viewer/eventTypes/getByViewer.handler.ts
index aebf392d57..7c227ec734 100644
--- a/packages/trpc/server/routers/viewer/eventTypes/getByViewer.handler.ts
+++ b/packages/trpc/server/routers/viewer/eventTypes/getByViewer.handler.ts
@@ -2,6 +2,7 @@ import { type PrismaClient, Prisma } from "@prisma/client";
 import { orderBy } from "lodash";
 import { hasFilter } from "@calcom/features/filters/lib/hasFilter";
+import { checkRateLimitAndThrowError } from "@calcom/lib/checkRateLimitAndThrowError";
 import { CAL_URL } from "@calcom/lib/constants";
 import { markdownToSafeHTML } from "@calcom/lib/markdownToSafeHTML";
 import { getBookerUrl } from "@calcom/lib/server/getBookerUrl";
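Review bot: The new `common` limiter in packages/lib/rateLimit.ts is created with the same `prefix: "ratelimit"` as the 10-per-60s limiter shown just above it, so the two limiter types are kept apart only by whatever identifier the caller passes. If the library derives its Redis key from prefix plus identifier (likely, but not visible here), an identifier reused across two limiter types would share one counter and be judged against both budgets; a dedicated prefix such as `prefix: "ratelimit:common",` removes that coupling. `Ratelimit.fixedWindow(200, "60s")` also permits a burst of up to roughly twice the limit across a window boundary, which deserves a short comment next to the limiter if 200 is meant as a hard ceiling. rateLimiter() begins and ends outside this hunk, so how a limiter is selected from `rateLimitingType` is not shown.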
@@ -78,6 +79,11 @@ export const compareMembership = (mship1: MembershipRole, mship2: MembershipRole
 export const getByViewerHandler = async ({ ctx, input }: GetByViewerOptions) => {
 const { prisma } = ctx;
+ await checkRateLimitAndThrowError({
+ identifier: `eventTypes:getByViewer:${ctx.user.id}`,
+ rateLimitingType: "common",
+ });
+
 const user = await prisma.user.findUnique({
 where: {
 id: ctx.user.id,
diff --git a/packages/trpc/server/routers/viewer/eventTypes/list.handler.ts b/packages/trpc/server/routers/viewer/eventTypes/list.handler.ts
index f17398fdbe..ed0045b966 100644
--- a/packages/trpc/server/routers/viewer/eventTypes/list.handler.ts
+++ b/packages/trpc/server/routers/viewer/eventTypes/list.handler.ts
@@ -1,3 +1,4 @@
+import { checkRateLimitAndThrowError } from "@calcom/lib/checkRateLimitAndThrowError";
 import { prisma } from "@calcom/prisma";
 import type { TrpcSessionUser } from "../../../trpc";
@@ -9,6 +10,10 @@ type ListOptions = {
 };
 export const listHandler = async ({ ctx }: ListOptions) => {
+ await checkRateLimitAndThrowError({
+ identifier: `eventTypes:list:${ctx.user.id}`,
+ rateLimitingType: "common",
+ });
 return await prisma.eventType.findMany({
 where: {
 userId: ctx.user.id,
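Review bot: The awaited `checkRateLimitAndThrowError` call at the top of getByViewerHandler (and the identical one added to listHandler in list.handler.ts) puts a limiter round-trip in front of every read, and the patch does not show what the helper does when the limiter backend is unreachable or unconfigured. That fail-open or fail-closed choice decides whether an outage silently disables throttling or takes event-type listing down with it, so it should be stated at the call site, e.g. `// Per-user throttle ("common" limiter) before any DB work; see checkRateLimitAndThrowError for behaviour when the limiter backend is unavailable`. Each procedure builds its own identifier (`eventTypes:getByViewer:` and `eventTypes:list:`), so one user gets a separate 200-per-60s budget on each; if a combined budget was intended, the two calls need a shared identifier. Both handler bodies continue outside their hunks.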