feat: rate limits

2026-05-07 06:23:06 +08:00 · 2026-03-30 14:25:53 +01:00
parent a062f7a165
commit 3ba5cff98b
6 changed files with 81 additions and 1 deletions
@@ -44,6 +44,7 @@
    "@langchain/core": "1.1.34",
    "@langchain/textsplitters": "1.0.1",
    "@modelcontextprotocol/sdk": "^1.27.1",
+    "@nest-lab/throttler-storage-redis": "^1.2.0",
    "@nestjs-labs/nestjs-ioredis": "^11.0.4",
    "@nestjs/bullmq": "^11.0.4",
    "@nestjs/cache-manager": "^3.1.0",
@@ -58,6 +59,7 @@
    "@nestjs/platform-socket.io": "^11.1.17",
    "@nestjs/schedule": "^6.1.1",
    "@nestjs/terminus": "^11.1.1",
+    "@nestjs/throttler": "^6.5.0",
    "@nestjs/websockets": "^11.1.17",
    "@node-saml/passport-saml": "^5.1.0",
    "@react-email/components": "1.0.10",
@@ -26,6 +26,7 @@ import KeyvRedis from '@keyv/redis';
 import { LoggerModule } from './common/logger/logger.module';
 import { ClsModule } from 'nestjs-cls';
 import { NoopAuditModule } from './integrations/audit/audit.module';
+import { ThrottleModule } from './integrations/throttle/throttle.module';

 const enterpriseModules = [];
 try {
@@ -83,6 +84,7 @@ try {
    EventEmitterModule.forRoot(),
    SecurityModule,
    TelemetryModule,
+    ThrottleModule,
    ...enterpriseModules,
  ],
  controllers: [AppController],
@@ -10,6 +10,7 @@ import {
  UseGuards,
  Logger,
 } from '@nestjs/common';
+import { SkipThrottle, ThrottlerGuard } from '@nestjs/throttler';
 import { LoginDto } from './dto/login.dto';
 import { AuthService } from './services/auth.service';
 import { SessionService } from '../session/session.service';
@@ -33,6 +34,7 @@ import {
  IAuditService,
 } from '../../integrations/audit/audit.service';

+@UseGuards(ThrottlerGuard)
@Controller('auth')
 export class AuthController {
  private readonly logger = new Logger(AuthController.name);
@@ -111,6 +113,7 @@ export class AuthController {
    return workspace;
  }

+  @SkipThrottle()
  @UseGuards(JwtAuthGuard)
  @HttpCode(HttpStatus.OK)
  @Post('change-password')
@@ -173,6 +176,7 @@ export class AuthController {
    return this.authService.verifyUserToken(verifyUserTokenDto, workspace.id);
  }

+  @SkipThrottle()
  @UseGuards(JwtAuthGuard)
  @HttpCode(HttpStatus.OK)
  @Post('collab-token')
@@ -183,6 +187,7 @@ export class AuthController {
    return this.authService.getCollabToken(user, workspace.id);
  }

+  @SkipThrottle()
  @UseGuards(JwtAuthGuard)
  @HttpCode(HttpStatus.OK)
  @Post('logout')
@@ -0,0 +1,34 @@
+import { Module } from '@nestjs/common';
+import { ThrottlerModule } from '@nestjs/throttler';
+import { ThrottlerStorageRedisService } from '@nest-lab/throttler-storage-redis';
+import { EnvironmentService } from '../environment/environment.service';
+import { EnvironmentModule } from '../environment/environment.module';
+import { parseRedisUrl } from '../../common/helpers';
+import Redis from 'ioredis';
+
+@Module({
+  imports: [
+    ThrottlerModule.forRootAsync({
+      imports: [EnvironmentModule],
+      useFactory: (environmentService: EnvironmentService) => {
+        const redisConfig = parseRedisUrl(environmentService.getRedisUrl());
+
+        return {
+          throttlers: [{ name: 'auth', ttl: 60_000, limit: 10 }],
+          storage: new ThrottlerStorageRedisService(
+            new Redis({
+              host: redisConfig.host,
+              port: redisConfig.port,
+              password: redisConfig.password,
+              db: redisConfig.db,
+              family: redisConfig.family,
+              keyPrefix: 'throttle:',
+            }),
+          ),
+        };
+      },
+      inject: [EnvironmentService],
+    }),
+  ],
+})
+export class ThrottleModule {}