From 587f3b2e109171f18461ad98d0398afb936c8e88 Mon Sep 17 00:00:00 2001 From: Adam Date: Wed, 15 Mar 2023 13:36:53 +0100 Subject: [PATCH 1/2] Update example fingerprint Sorry for this nitpick, but I was referencing this repository while implementing a rate limiter and got into some trouble due to the fingerprint implementation. I'm not sure if this is always the case, but in Next.js the `req.socket.remoteAddress` rather points at the server address. https://stackoverflow.com/a/19524949/7776268 --- packages/upstash/README.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/packages/upstash/README.md b/packages/upstash/README.md index b7c5dae..2ceacc6 100644 --- a/packages/upstash/README.md +++ b/packages/upstash/README.md @@ -30,13 +30,16 @@ type Context = { } const root = initTRPC.context().create() -const getFingerPrint = (req: NextApiRequest) => { - const ip = req.socket.remoteAddress ?? req.headers['x-forwarded-for'] - return (Array.isArray(ip) ? ip[0] : ip) ?? '127.0.0.1' +const getFingerprint = (req: NextApiRequest) => { + const forwarded = req.headers["x-forwarded-for"] + const ip = forwarded + ? (typeof forwarded === "string" ? forwarded : forwarded[0])?.split(/, /)[0] + : req.socket.remoteAddress + return ip || "127.0.0.1" } export const rateLimiter = createTRPCUpstashLimiter({ root, - fingerprint: (ctx, _input) => getFingerPrint(ctx.req), + fingerprint: (ctx, _input) => getFingerprint(ctx.req), windowMs: 10000, message: (hitInfo) => `Too many requests, please try again later. ${Math.ceil( From f217e917f6ca5ff38209f1de47ca9ba295b0b970 Mon Sep 17 00:00:00 2001 From: Adam Date: Wed, 15 Mar 2023 12:43:34 +0000 Subject: [PATCH 2/2] Update example --- examples/next/src/server/trpc/trpc.ts | 14 +++++++++----- packages/upstash/README.md | 1 + 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/examples/next/src/server/trpc/trpc.ts b/examples/next/src/server/trpc/trpc.ts index 0877b5d..70b5548 100644 --- a/examples/next/src/server/trpc/trpc.ts +++ b/examples/next/src/server/trpc/trpc.ts @@ -11,13 +11,17 @@ const root = initTRPC.context().create({ }, }); -const getFingerPrint = (req: NextApiRequest) => { - const ip = req.socket.remoteAddress ?? req.headers["x-forwarded-for"]; - return (Array.isArray(ip) ? ip[0] : ip) ?? "127.0.0.1"; -}; +const getFingerprint = (req: NextApiRequest) => { + const forwarded = req.headers["x-forwarded-for"] + const ip = forwarded + ? (typeof forwarded === "string" ? forwarded : forwarded[0])?.split(/, /)[0] + : req.socket.remoteAddress + return ip || "127.0.0.1" +} + export const rateLimiter = createTRPCUpstashLimiter({ root, - fingerprint: (ctx) => getFingerPrint(ctx.req), + fingerprint: (ctx) => getFingerprint(ctx.req), windowMs: 20000, message: (hitInfo) => `Too many requests, please try again later. ${Math.ceil( diff --git a/packages/upstash/README.md b/packages/upstash/README.md index 2ceacc6..176fa3f 100644 --- a/packages/upstash/README.md +++ b/packages/upstash/README.md @@ -37,6 +37,7 @@ const getFingerprint = (req: NextApiRequest) => { : req.socket.remoteAddress return ip || "127.0.0.1" } + export const rateLimiter = createTRPCUpstashLimiter({ root, fingerprint: (ctx, _input) => getFingerprint(ctx.req),