Security fixes: non-root user, signup rate limiting, differentiated CORS, persistent usage tracking
This commit is contained in:
parent
6a38ba4adc
commit
73bb041513
5 changed files with 108 additions and 17 deletions
|
|
@ -1,12 +1,9 @@
|
|||
import { Request, Response, NextFunction } from "express";
|
||||
import { isProKey } from "../services/keys.js";
|
||||
import fs from "fs/promises";
|
||||
import path from "path";
|
||||
|
||||
interface UsageRecord {
|
||||
count: number;
|
||||
monthKey: string;
|
||||
}
|
||||
|
||||
const usage = new Map<string, UsageRecord>();
|
||||
const USAGE_FILE = "/app/data/usage.json";
|
||||
let usage = new Map<string, { count: number; monthKey: string }>();
|
||||
const FREE_TIER_LIMIT = 100;
|
||||
|
||||
function getMonthKey(): string {
|
||||
|
|
@ -14,11 +11,45 @@ function getMonthKey(): string {
|
|||
return `${d.getFullYear()}-${String(d.getMonth() + 1).padStart(2, "0")}`;
|
||||
}
|
||||
|
||||
export function usageMiddleware(
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
): void {
|
||||
// Load usage data from file on startup
|
||||
async function loadUsageData(): Promise<void> {
|
||||
try {
|
||||
const data = await fs.readFile(USAGE_FILE, "utf8");
|
||||
const usageObj = JSON.parse(data);
|
||||
|
||||
usage = new Map();
|
||||
for (const [key, record] of Object.entries(usageObj)) {
|
||||
usage.set(key, record as { count: number; monthKey: string });
|
||||
}
|
||||
|
||||
console.log(`Loaded usage data for ${usage.size} keys`);
|
||||
} catch (error) {
|
||||
// File doesn't exist or invalid JSON - start fresh
|
||||
console.log("No existing usage data found, starting fresh");
|
||||
usage = new Map();
|
||||
}
|
||||
}
|
||||
|
||||
// Save usage data to file
|
||||
async function saveUsageData(): Promise<void> {
|
||||
try {
|
||||
const usageObj: Record<string, { count: number; monthKey: string }> = {};
|
||||
for (const [key, record] of usage) {
|
||||
usageObj[key] = record;
|
||||
}
|
||||
|
||||
// Ensure directory exists
|
||||
await fs.mkdir(path.dirname(USAGE_FILE), { recursive: true });
|
||||
await fs.writeFile(USAGE_FILE, JSON.stringify(usageObj, null, 2));
|
||||
} catch (error) {
|
||||
console.error("Failed to save usage data:", error);
|
||||
}
|
||||
}
|
||||
|
||||
// Initialize usage data loading
|
||||
loadUsageData().catch(console.error);
|
||||
|
||||
export function usageMiddleware(req: any, res: any, next: any): void {
|
||||
const key = req.headers.authorization?.slice(7) || "unknown";
|
||||
const monthKey = getMonthKey();
|
||||
|
||||
|
|
@ -52,6 +83,9 @@ function trackUsage(key: string, monthKey: string): void {
|
|||
} else {
|
||||
record.count++;
|
||||
}
|
||||
|
||||
// Save to file after each update (simple approach)
|
||||
saveUsageData().catch(console.error);
|
||||
}
|
||||
|
||||
export function getUsageStats(): Record<string, { count: number; month: string }> {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue