rate limit user_balance_post by bearer OR ip

Bryan Stitt 2023-06-19 10:21:48 -07:00
parent c3ae4ded2b
commit b35cd58a76

@ -109,12 +109,22 @@ pub async fn user_balance_post(
Extension(app): Extension<Arc<Web3ProxyApp>>, Extension(app): Extension<Arc<Web3ProxyApp>>,
InsecureClientIp(ip): InsecureClientIp, InsecureClientIp(ip): InsecureClientIp,
Path(mut params): Path<HashMap<String, String>>, Path(mut params): Path<HashMap<String, String>>,
bearer: Option<TypedHeader<Authorization<Bearer>>>,
) -> Web3ProxyResponse { ) -> Web3ProxyResponse {
// I suppose this is ok / good, so people don't spam this endpoint as it is not "cheap" // rate limit by bearer token **OR** IP address
// we rate limit by ip instead of bearer token so transactions are easy to submit from scripts let (authorization, _semaphore) = if let Some(TypedHeader(Authorization(bearer))) = bearer {
// TODO: if ip is a 10. or a 172., allow unlimited let (_, semaphore) = app.bearer_is_authorized(bearer).await?;
// TODO: is handling this as internal fine?
let authorization = Web3ProxyAuthorization::internal(app.db_conn())?;
(authorization, Some(semaphore))
} else {
let authorization = login_is_authorized(&app, ip).await?; let authorization = login_is_authorized(&app, ip).await?;
(authorization, None)
};
// Get the transaction hash // Get the transaction hash
let tx_hash: H256 = params let tx_hash: H256 = params
.remove("tx_hash") .remove("tx_hash")
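Review bot: In the bearer branch the user returned by `app.bearer_is_authorized(bearer)` is discarded (`let (_, semaphore)`) and the handler continues with `Web3ProxyAuthorization::internal(app.db_conn())`, so any caller holding a valid login token is treated as internal and never passes through `login_is_authorized(&app, ip)`. Whether that is safe depends on what `internal` permits and on how `authorization` is used further down `user_balance_post`, whose body continues past the end of this hunk. The returned semaphore also looks like a concurrency cap rather than a rate limit, so the "rate limit by bearer" goal should be confirmed against what `bearer_is_authorized` enforces. I would replace the open TODO with a comment that records the trust decision, for example `// bearer callers skip the per-IP limiter and run with internal authorization; bearer_is_authorized must enforce the per-user limit`. A second comment should say that `_semaphore` is named rather than bound to `_` so that the returned value stays alive until the handler returns.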