From a5f5f72346c64a2aaeb6f0a4a3ffc8846be42a03 Mon Sep 17 00:00:00 2001
From: Ajay Ramachandran
Date: Sun, 11 Oct 2020 13:07:57 -0400
Subject: [PATCH] Setup different ratelimit for views and votes
---
 config.json.example | 8 +++++++-
 src/app.js | 20 +++++++++++++------
 .../{voteRateLimit.js => requestRateLimit.js} | 12 +++++------
 test.json | 16 ++++++++++-----
 4 files changed, 38 insertions(+), 18 deletions(-)
 rename src/middleware/{voteRateLimit.js => requestRateLimit.js} (61%)
diff --git a/config.json.example b/config.json.example
index 82d30fe..9ff06fb 100644
--- a/config.json.example
+++ b/config.json.example
@@ -27,7 +27,13 @@
 "vote": {
 "windowMs": 900000, // 15 minutes
 "max": 20, // 20 requests in 15min time window
- "message": "Too many votes, please try again later"
+ "message": "Too many votes, please try again later",
+ "statusCode": 200
+ },
+ "view": {
+ "windowMs": 900000, // 15 minutes
+ "max": 20, // 20 requests in 15min time window
+ "statusCode": 200
 }
 }
 }
diff --git a/src/app.js b/src/app.js
index 1aba966..0933f93 100644
--- a/src/app.js
+++ b/src/app.js
@@ -7,7 +7,7 @@ const getIP = require('./utils/getIP.js');
 const getHash = require('./utils/getHash.js');
 // Middleware
-const voteRateLimitMiddleware = require('./middleware/voteRateLimit.js');
+const rateLimitMiddleware = require('./middleware/requestRateLimit.js');
 var corsMiddleware = require('./middleware/cors.js');
 var loggerMiddleware = require('./middleware/logger.js');
 const userCounter = require('./middleware/userCounter.js');
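Review bot: In the config.json.example hunk, `"statusCode": 200` on both limiter sections means a throttled request is answered with a success status, so a rate-limited vote looks identical to an accepted one to clients and to any log or alerting rule keyed on 4xx responses. If silent throttling is intended for the `view` counter, I would still keep the conventional `"statusCode": 429` for `vote`, where the body already says "Too many votes, please try again later". Either way the example should carry a comment next to the key, for instance `// 200 hides throttling from the client; use 429 to make it visible in logs`, so operators copying the file know what they are choosing. The same values are repeated in the test.json hunk.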
@@ -34,6 +34,14 @@ var getIsUserVIP = require('./routes/getIsUserVIP.js');
 var oldGetVideoSponsorTimes = require('./routes/oldGetVideoSponsorTimes.js');
 var oldSubmitSponsorTimes = require('./routes/oldSubmitSponsorTimes.js');
+// Rate limit endpoint lists
+let voteEndpoints = [voteOnSponsorTime.endpoint];
+let viewEndpoints = [viewedVideoSponsorTime];
+if (config.rateLimit) {
+ // if (config.rateLimit.vote) voteEndpoints.unshift(rateLimitMiddleware(config.rateLimit.vote));
+ if (config.rateLimit.view) viewEndpoints.unshift(rateLimitMiddleware(config.rateLimit.view));
+}
+
 //setup CORS correctly
 app.use(corsMiddleware);
 app.use(loggerMiddleware);
@@ -62,12 +70,12 @@ app.post('/api/skipSegments', postSkipSegments);
 app.get('/api/skipSegments/:prefix', getSkipSegmentsByHash);
 //voting endpoint
-app.get('/api/voteOnSponsorTime', voteRateLimitMiddleware, voteOnSponsorTime.endpoint);
-app.post('/api/voteOnSponsorTime', voteRateLimitMiddleware, voteOnSponsorTime.endpoint);
+app.get('/api/voteOnSponsorTime', ...voteEndpoints);
+app.post('/api/voteOnSponsorTime', ...voteEndpoints);
-//Endpoint when a sponsorTime is used up
-app.get('/api/viewedVideoSponsorTime', voteRateLimitMiddleware, viewedVideoSponsorTime);
-app.post('/api/viewedVideoSponsorTime', voteRateLimitMiddleware, viewedVideoSponsorTime);
+//Endpoint when a submission is skipped
+app.get('/api/viewedVideoSponsorTime', ...viewEndpoints);
+app.post('/api/viewedVideoSponsorTime', ...viewEndpoints);
 //To set your username for the stats view
 app.post('/api/setUsername', setUsername);
diff --git a/src/middleware/voteRateLimit.js b/src/middleware/requestRateLimit.js
similarity index 61%
rename from src/middleware/voteRateLimit.js
rename to src/middleware/requestRateLimit.js
index 50120ff..b66a0aa 100644
--- a/src/middleware/voteRateLimit.js
+++ b/src/middleware/requestRateLimit.js
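Review bot: The vote limiter is left commented out in the `@@ -34,6 +34,14 @@` hunk of src/app.js, so after this commit `voteEndpoints` only ever contains `voteOnSponsorTime.endpoint`, and the `/api/voteOnSponsorTime` routes in the following hunk go from throttled to unthrottled. That contradicts both the commit subject and the `rateLimit.vote` section the config files still ship. Restore the line as `if (config.rateLimit.vote) voteEndpoints.unshift(rateLimitMiddleware(config.rateLimit.vote));`, or state in a comment why votes are deliberately exempt. The block also fails open: when `config.rateLimit` or one of its sections is missing, the routes are registered with no limiter and nothing is logged, so a startup warning for each absent section would make a misconfigured deployment visible.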
@@ -1,15 +1,15 @@
-const config = require('../config.js');
 const getIP = require('../utils/getIP.js');
 const getHash = require('../utils/getHash.js');
 const rateLimit = require('express-rate-limit');
-module.exports = rateLimit({
- windowMs: config.rateLimit.vote.windowMs,
- max: config.rateLimit.vote.max,
- message: config.rateLimit.vote.message,
+module.exports = (limitConfig) => rateLimit({
+ windowMs: limitConfig.windowMs,
+ max: limitConfig.max,
+ message: limitConfig.message,
+ statusCode: limitConfig.statusCode,
 headers: false,
 keyGenerator: (req /*, res*/) => {
- return getHash(req.ip, 1);
+ return getHash(getIP(req), 1);
 },
 skip: (/*req, res*/) => {
 // skip rate limit if running in test mode
diff --git a/test.json b/test.json
index 23ac900..15d06f8 100644
--- a/test.json
+++ b/test.json
@@ -51,10 +51,16 @@
 ],
 "categoryList": ["sponsor", "intro", "outro", "interaction", "selfpromo", "music_offtopic"],
 "rateLimit": {
- "vote": {
- "windowMs": 900000,
- "max": 20,
- "message": "Too many votes, please try again later"
+ "vote": {
+ "windowMs": 900000,
+ "max": 20,
+ "message": "Too many votes, please try again later",
+ "statusCode": 200
+ },
+ "view": {
+ "windowMs": 900000,
+ "max": 20,
+ "statusCode": 200
+ }
 }
- }
 }
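Review bot: In src/middleware/requestRateLimit.js the limiter key is now `getHash(getIP(req), 1)`, so the throttle is only as trustworthy as whatever getIP reads, and that helper is not shown in this patch. If it takes the address from a forwarded-for style header, the deployment has to guarantee that only the trusted proxy can set it; otherwise the key is client-chosen, and an undefined result would put every caller into one bucket or make getHash throw. I would add a comment above keyGenerator such as `// key = hashed client IP from getIP(); only valid when the forwarding header is set by our proxy`, and fall back with `getIP(req) || req.ip`. The factory also forwards `message` and `statusCode` even when the config section omits them (the new `view` block has no `message`), which may override the library defaults with undefined depending on how express-rate-limit merges options, so building the options object from defined keys only would be safer. The `skip` callback continues past the end of the hunk; with `const config` removed, confirm its body no longer reads `config`.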