WIP using the redis package instead

matt-aitken · ericallam · commit 7a0fd2954299 · 2024-03-25T16:30:10.000Z
diff --git a/apps/webapp/app/routes/api.v1.events.ts b/apps/webapp/app/routes/api.v1.events.ts
@@ -5,8 +5,9 @@ import { generateErrorMessage } from "zod-error";
 import { authenticateApiRequest } from "~/services/apiAuth.server";
 import { IngestSendEvent } from "~/services/events/ingestSendEvent.server";
 import { eventRecordToApiJson } from "~/api.server";
+import { standardRateLimitter } from "~/services/apiRateLimit.server";
 
-export async function action({ request }: ActionFunctionArgs) {
+export const action = standardRateLimitter.action("sendEvent", async ({ request }) => {
   // Ensure this is a POST request
   if (request.method.toUpperCase() !== "POST") {
     return { status: 405, body: "Method Not Allowed" };
@@ -39,4 +40,4 @@ export async function action({ request }: ActionFunctionArgs) {
   }
 
   return json(eventRecordToApiJson(event));
-}
+});
diff --git a/apps/webapp/app/services/apiRateLimit.server.ts b/apps/webapp/app/services/apiRateLimit.server.ts
@@ -1,37 +1,86 @@
-import Redis, { RedisOptions } from "ioredis";
+import { RedisClientOptions, createClient } from "redis";
 import { Ratelimit } from "@upstash/ratelimit";
-import { LoaderFunction, LoaderFunctionArgs } from "@remix-run/server-runtime";
+import {
+  ActionFunction,
+  ActionFunctionArgs,
+  LoaderFunction,
+  LoaderFunctionArgs,
+} from "@remix-run/server-runtime";
 import { env } from "~/env.server";
 
-export function createRedisRateLimitClient(): ConstructorParameters<typeof Ratelimit>[0]["redis"] {
-  const redis = new Redis({
-    port: env.REDIS_PORT,
-    host: env.REDIS_HOST,
-    username: env.REDIS_USERNAME,
-    password: env.REDIS_PASSWORD,
-    enableAutoPipelining: true,
-    ...(env.REDIS_TLS_DISABLED === "true" ? {} : { tls: {} }),
-  });
+function createRedisRateLimitClient(
+  redisOptions: RedisClientOptions
+): ConstructorParameters<typeof Ratelimit>[0]["redis"] {
+  const redis = createClient(redisOptions);
 
   return {
     sadd: async <TData>(key: string, ...members: TData[]): Promise<number> => {
-      return redis.sadd(key, members as (string | Buffer | number)[]);
+      return redis.sAdd(key as string, members as any);
     },
     eval: <TArgs extends unknown[], TData = unknown>(
       ...args: [script: string, keys: string[], args: TArgs]
     ): Promise<TData> => {
-      return redis.eval(...args) as TData;
+      return redis.eval(args[0], {
+        keys: args[1],
+        arguments: args[2] as string[],
+      }) as Promise<TData>;
     },
   };
 }
 
-const ratelimitter = new Ratelimit({
-  redis: createRedisRateLimitClient(),
-  limiter: Ratelimit.cachedFixedWindow(10, "10s"),
-  ephemeralCache: new Map(),
-  analytics: true,
-});
-
-export const rateLimit = {
-  loader: (args: LoaderFunctionArgs): ReturnType<LoaderFunction> => {},
+type Options = {
+  redis: RedisClientOptions;
+  limiter: ConstructorParameters<typeof Ratelimit>[0]["limiter"];
 };
+
+class RateLimitter {
+  #rateLimitter: Ratelimit;
+
+  constructor({ redis, limiter }: Options) {
+    this.#rateLimitter = new Ratelimit({
+      redis: createRedisRateLimitClient(redis),
+      limiter: limiter,
+      ephemeralCache: new Map(),
+      analytics: true,
+    });
+  }
+
+  async loader(key: string, fn: LoaderFunction): Promise<ReturnType<LoaderFunction>> {
+    const { success, pending, limit, reset, remaining } = await this.#rateLimitter.limit(
+      `ratelimit:${key}`
+    );
+
+    if (success) {
+      return fn;
+    }
+
+    const response = new Response("Rate limit exceeded", { status: 429 });
+    response.headers.set("X-RateLimit-Limit", limit.toString());
+    response.headers.set("X-RateLimit-Remaining", remaining.toString());
+    response.headers.set("X-RateLimit-Reset", reset.toString());
+    return response;
+  }
+
+  async action(key: string, fn: (args: ActionFunctionArgs) => Promise<ReturnType<ActionFunction>>) {
+    const { success, pending, limit, reset, remaining } = await this.#rateLimitter.limit(
+      `ratelimit:${key}`
+    );
+
+    if (success) {
+      return fn;
+    }
+
+    const response = new Response("Rate limit exceeded", { status: 429 });
+    response.headers.set("X-RateLimit-Limit", limit.toString());
+    response.headers.set("X-RateLimit-Remaining", remaining.toString());
+    response.headers.set("X-RateLimit-Reset", reset.toString());
+    return response;
+  }
+}
+
+export const standardRateLimitter = new RateLimitter({
+  redis: {
+    url: `redis://${env.REDIS_USERNAME}:${env.REDIS_PASSWORD}@${env.REDIS_HOST}:${env.REDIS_PORT}`,
+  },
+  limiter: Ratelimit.slidingWindow(1, "60 s"),
+});
