
[token-server] Make sure we are rate limiting by client IP address
Closed, Public

Authored by bytesofman on Sep 6 2024, 16:11.

Details

Summary

Because token-server is deployed on docker, req.ip is the address of the actual server and the address of the client making an API endpoint request (e.g. for a token reward or a Cashtab reward).

So, right now, the rate limiting "works" -- but it rate limits all users instead of by IP address of individual users. This is causing normal users to get rate limit errors.

Ref https://stackoverflow.com/questions/62494060/express-rate-limit-not-working-when-deployed-to-heroku

Test Plan

Will need to review logs on deployed instance. Have confirmed can still run this locally.

Diff Detail

Repository: rABC Bitcoin ABC
Branch: token-server-ratelimit-fix
Lint: Lint Passed
Unit: No Test Coverage
Build Status: Buildable 30210
Build 59947: Build Diff token-server-tests
Build 59946: arc lint + arc unit
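
The behaviour described in the summary, as an added example that is not the code from this diff (the diff itself is not shown on this page): a dependency-free model of the hop-count form of Express's `trust proxy` setting together with a fixed-window limiter, showing why keying on the socket address puts every user in one bucket. The helper names, the limit of 2 and all addresses are assumptions constructed for illustration.

```javascript
// Added example; helper names, limits and addresses are constructed.
//
// Models the hop-count form of Express's `trust proxy`: walk from the socket
// peer outward through X-Forwarded-For, skipping `trustedHops` proxies.
function resolveClientIp(socketAddr, xForwardedFor, trustedHops) {
  const forwarded = (xForwardedFor || '')
    .split(',').map((s) => s.trim()).filter(Boolean).reverse();
  const chain = [socketAddr, ...forwarded];
  return chain[Math.min(trustedHops, chain.length - 1)];
}

// Fixed-window counter keyed by whatever string the caller passes in.
function createLimiter(limit, windowMs) {
  const hits = new Map(); // key -> { count, resetAt }
  return function allow(key, now) {
    let entry = hits.get(key);
    if (!entry || now >= entry.resetAt) {
      entry = { count: 0, resetAt: now + windowMs };
      hits.set(key, entry);
    }
    entry.count += 1;
    return entry.count <= limit;
  };
}

const PROXY = '172.17.0.1'; // constructed: address the app sees on the socket
const CLIENTS = ['203.0.113.7', '198.51.100.23', '192.0.2.99'];

// Each client sends 2 requests via the proxy; the limit is 2 per window.
function countRejected(trustedHops) {
  const allow = createLimiter(2, 60000);
  let rejected = 0;
  for (let round = 0; round < 2; round++) {
    for (const client of CLIENTS) {
      const key = resolveClientIp(PROXY, client, trustedHops);
      if (!allow(key, round * 1000)) rejected++;
    }
  }
  return rejected;
}

console.log('trustedHops=0 rejected:', countRejected(0));
console.log('trustedHops=1 rejected:', countRejected(1));
// The hop count must equal the real number of proxies: one hop too many and
// the key comes from a header value the client controls.
console.log(resolveClientIp(PROXY, '10.9.9.9, 203.0.113.7', 2));
```

With zero trusted hops every request is keyed on the proxy address and well-behaved clients are rejected; with one trusted hop each client gets its own bucket.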