
[token-server] Make sure we are rate limiting by client IP address
Closed, Public

Authored by bytesofman on Fri, Sep 6, 16:11.

Details

Summary

Because token-server is deployed on Docker, req.ip is the address of the actual server and the address of the client making an API endpoint request (e.g. for a token reward or a Cashtab reward).

So, right now, the rate limiting "works" -- but it rate limits all users instead of by IP address of individual users. This is causing normal users to get rate limit errors.

Ref https://stackoverflow.com/questions/62494060/express-rate-limit-not-working-when-deployed-to-heroku

Test Plan

Will need to review logs on deployed instance. Have confirmed can still run this locally.

Diff Detail

Repository
rABC Bitcoin ABC
Lint
Lint Not Applicable
Unit
Tests Not Applicable
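
Added example, not part of this revision or the Bitcoin ABC code base: a dependency-free sketch of the failure the summary describes, where keying a limiter on the socket peer puts every client behind the proxy into one bucket, next to hop-count trust of `X-Forwarded-For` (the way Express's numeric `trust proxy` setting derives `req.ip`). The function and class names, the addresses and the single-proxy topology are assumptions constructed for illustration.

```javascript
// Hypothetical helper: resolve the client address with hop-count trust.
// Walk outward from the socket peer through X-Forwarded-For (right to left)
// and return the first address that is not one of our own trusted proxies.
function resolveClientIp(socketAddr, xForwardedFor, trustedHops) {
  const forwarded = (xForwardedFor || '')
    .split(',')
    .map((s) => s.trim())
    .filter(Boolean)
    .reverse(); // entry appended by the nearest proxy comes first
  const chain = [socketAddr, ...forwarded];
  // chain[i] is trusted while i < trustedHops; fall back to the last entry.
  return chain[Math.min(trustedHops, chain.length - 1)];
}

// Hypothetical fixed-window counter keyed by whatever string it is given.
class FixedWindowLimiter {
  constructor(limit, windowMs) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.hits = new Map(); // key -> { start, count }
  }
  allow(key, now) {
    const entry = this.hits.get(key);
    if (!entry || now - entry.start >= this.windowMs) {
      this.hits.set(key, { start: now, count: 1 });
      return true;
    }
    entry.count += 1;
    return entry.count <= this.limit;
  }
}

// Constructed sample traffic: two clients behind one proxy at 172.17.0.1.
const SAMPLE = [
  { peer: '172.17.0.1', xff: '203.0.113.7' },
  { peer: '172.17.0.1', xff: '203.0.113.7' },
  { peer: '172.17.0.1', xff: '198.51.100.9' },
  // Leftmost entry is client-supplied; the proxy appended the real address.
  { peer: '172.17.0.1', xff: '10.0.0.1, 203.0.113.7' },
];

// Replay SAMPLE with a limit of 2 requests per minute per resolved address.
function simulate(trustedHops, limit = 2) {
  const limiter = new FixedWindowLimiter(limit, 60000);
  return SAMPLE.map((r, i) => {
    const ip = resolveClientIp(r.peer, r.xff, trustedHops);
    return { ip, allowed: limiter.allow(ip, i) };
  });
}
```

With zero trusted hops the second client's first request is rejected because it shares the proxy's bucket. With one trusted hop each client has its own bucket, and the request carrying a client-supplied leftmost entry is still counted against the address the proxy appended.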