From 812d7d8c0477b7eea6965a012ca9d5ad22b00d87 Mon Sep 17 00:00:00 2001 From: Steffen Date: Sat, 12 Dec 2020 21:33:38 +0100 Subject: [PATCH] add rate limit to server --- server/index.js | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/server/index.js b/server/index.js index 5b40859..8c75117 100644 --- a/server/index.js +++ b/server/index.js @@ -2,6 +2,8 @@ const fs = require("fs"); const https = require("https"); const WebSocket = require("ws"); +const PING_INTERVAL = 30000; // 30 seconds + const server = https.createServer({ cert: fs.readFileSync("cert.pem"), key: fs.readFileSync("key.pem") @@ -19,6 +21,7 @@ function noop() {} // calculate latency on heartbeat function heartbeat() { this.latency = Math.round((new Date().getTime() - this.pingStart) / 2); + this.counter = 0; this.isAlive = true; } @@ -49,6 +52,7 @@ wss.on("connection", function connection(ws, req) { } ws.isAlive = true; ws.pingStart = new Date().getTime(); + ws.counter = 0; // add channel to list if (!channels[ws.channel]) { channels[ws.channel] = []; @@ -67,6 +71,16 @@ wss.on("connection", function connection(ws, req) { }); // handle message ws.on("message", function incoming(data) { + // check rate limit (max 5msg/second) + ws.counter++; + if (ws.counter > (5 * PING_INTERVAL) / 1000) { + console.log(ws.channel, "disconnecting user due to spam"); + ws.close( + 1000, + "Your app seems to be malfunctioning, please clear your browser cache." + ); + return; + } const isPing = data.match(/^\["ping/i); if (!isPing) { console.log(new Date(), wss.clients.size, ws.channel, data); @@ -92,7 +106,7 @@ const interval = setInterval(function ping() { ws.pingStart = new Date().getTime(); ws.ping(noop); }); -}, 30000); // 30 second pings +}, PING_INTERVAL); // handle server shutdown wss.on("close", function close() {