trigger.dev/apps/webapp/app/services/magicLinkRateLimiter.server.ts at d478e0637c59116623c3993d8d257808e68c7bb0 · triggerdotdev/trigger.dev · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
import { Ratelimit } from "@upstash/ratelimit";
import { env } from "~/env.server";
import { createRedisRateLimitClient, RateLimiter } from "~/services/rateLimiter.server";
import { singleton } from "~/utils/singleton";

export class MagicLinkRateLimitError extends Error {
  public readonly retryAfter: number;

  constructor(retryAfter: number) {
    super("Magic link request rate limit exceeded.");
    this.retryAfter = retryAfter;
  }
}

function getRedisClient() {
  return createRedisRateLimitClient({
    port: env.RATE_LIMIT_REDIS_PORT,
    host: env.RATE_LIMIT_REDIS_HOST,
    username: env.RATE_LIMIT_REDIS_USERNAME,
    password: env.RATE_LIMIT_REDIS_PASSWORD,
    tlsDisabled: env.RATE_LIMIT_REDIS_TLS_DISABLED === "true",
    clusterMode: env.RATE_LIMIT_REDIS_CLUSTER_MODE_ENABLED === "1",
  });
}

const magicLinkEmailRateLimiter = singleton(
  "magicLinkEmailRateLimiter",
  initializeMagicLinkEmailRateLimiter
);

function initializeMagicLinkEmailRateLimiter() {
  return new RateLimiter({
    redisClient: getRedisClient(),
    keyPrefix: "auth:magiclink:email",
    limiter: Ratelimit.slidingWindow(3, "1 m"), // 3 requests per minute per email
    logSuccess: false,
    logFailure: true,
  });
}

const magicLinkEmailDailyRateLimiter = singleton(
  "magicLinkEmailDailyRateLimiter",
  initializeMagicLinkEmailDailyRateLimiter
);

function initializeMagicLinkEmailDailyRateLimiter() {
  return new RateLimiter({
    redisClient: getRedisClient(),
    keyPrefix: "auth:magiclink:email:daily",
    limiter: Ratelimit.slidingWindow(30, "1 d"), // 30 requests per day per email
    logSuccess: false,
    logFailure: true,
  });
}

const magicLinkIpRateLimiter = singleton(
  "magicLinkIpRateLimiter",
  initializeMagicLinkIpRateLimiter
);

function initializeMagicLinkIpRateLimiter() {
  return new RateLimiter({
    redisClient: getRedisClient(),
    keyPrefix: "auth:magiclink:ip",
    limiter: Ratelimit.slidingWindow(10, "1 m"), // 10 requests per minute per IP
    logSuccess: false,
    logFailure: true,
  });
}

export async function checkMagicLinkEmailRateLimit(identifier: string): Promise<void> {
  const result = await magicLinkEmailRateLimiter.limit(identifier);

  if (!result.success) {
    const retryAfter = new Date(result.reset).getTime() - Date.now();
    throw new MagicLinkRateLimitError(retryAfter);
  }
}

export async function checkMagicLinkEmailDailyRateLimit(identifier: string): Promise<void> {
  const result = await magicLinkEmailDailyRateLimiter.limit(identifier);

  if (!result.success) {
    const retryAfter = new Date(result.reset).getTime() - Date.now();
    throw new MagicLinkRateLimitError(retryAfter);
  }
}

export async function checkMagicLinkIpRateLimit(ip: string): Promise<void> {
  const result = await magicLinkIpRateLimiter.limit(ip);

  if (!result.success) {
    const retryAfter = new Date(result.reset).getTime() - Date.now();
    throw new MagicLinkRateLimitError(retryAfter);
  }
}