From a8ff68f42f2a50c0c3d8f19592bc7af4646a9c90 Mon Sep 17 00:00:00 2001
From: wanhose <hello@wanhose.dev>
Date: Tue, 19 Nov 2024 11:53:40 +0100
Subject: [PATCH] fix(api): global rate limit

---
 packages/api/src/index.ts              | 2 ++
 packages/api/src/services/rateLimit.ts | 8 ++++++++
 2 files changed, 10 insertions(+)

diff --git a/packages/api/src/index.ts b/packages/api/src/index.ts
index c725c6e..e27b5b0 100644
--- a/packages/api/src/index.ts
+++ b/packages/api/src/index.ts
@@ -17,6 +17,7 @@ import v6IssuesRoutes from 'routes/v6/issues';
 import v6ReportRoutes from 'routes/v6/report';
 import v6VersionRoutes from 'routes/v6/version';
 import environment from 'services/environment';
+import { keyGenerator } from 'services/rateLimit';
 
 const server = fastify({ logger: true });
 
@@ -30,6 +31,7 @@ server.register(cors, {
 
 server.register(rateLimit, {
   global: false,
+  keyGenerator,
 });
 
 server.register(v1EntriesRoutes, { prefix: '/rest/v1' });
diff --git a/packages/api/src/services/rateLimit.ts b/packages/api/src/services/rateLimit.ts
index afdd954..1cb6ea4 100644
--- a/packages/api/src/services/rateLimit.ts
+++ b/packages/api/src/services/rateLimit.ts
@@ -1,3 +1,5 @@
+import type { FastifyRequest } from 'fastify';
+
 export const RATE_LIMIT_1_PER_HOUR = {
   max: 1,
   timeWindow: '1 hour',
@@ -17,3 +19,9 @@ export const RATE_LIMIT_3_PER_MIN = {
   max: 3,
   timeWindow: '1 minute',
 };
+
+export function keyGenerator(req: FastifyRequest): string {
+  const userIdentifier = req.headers['x-user-id'] || req.ip;
+
+  return `${userIdentifier}:${req.routerPath}`;
+}