@hocuspocus/extension-throttle 1.0.0-beta.7 → 1.0.1

package/dist/hocuspocus-throttle.cjs

@@ -10,6 +10,8 @@ class Throttle {
         this.configuration = {
             throttle: 15,
             banTime: 5,
+            consideredSeconds: 60,
+            cleanupInterval: 90,
         };
         this.connectionsByIp = new Map();
         this.bannedIps = new Map();
@@ -17,6 +19,34 @@ class Throttle {
             ...this.configuration,
             ...configuration,
         };
+        this.cleanupInterval = setInterval(this.clearMaps.bind(this), this.configuration.cleanupInterval * 1000);
+    }
+    onDestroy() {
+        if (this.cleanupInterval) {
+            clearInterval(this.cleanupInterval);
+        }
+        return Promise.resolve();
+    }
+    clearMaps() {
+        this.connectionsByIp.forEach((value, key) => {
+            const filteredValue = value
+                .filter(timestamp => timestamp + (this.configuration.consideredSeconds * 1000) > Date.now());
+            if (filteredValue.length) {
+                this.connectionsByIp.set(key, filteredValue);
+            }
+            else {
+                this.connectionsByIp.delete(key);
+            }
+        });
+        this.bannedIps.forEach((value, key) => {
+            if (!this.isBanned(key)) {
+                this.bannedIps.delete(key);
+            }
+        });
+    }
+    isBanned(ip) {
+        const bannedAt = this.bannedIps.get(ip) || 0;
+        return Date.now() < (bannedAt + (this.configuration.banTime * 60 * 1000));
     }
     /**
      * Throttle requests
@@ -26,19 +56,17 @@ class Throttle {
         if (!this.configuration.throttle) {
             return false;
         }
-        const bannedAt = this.bannedIps.get(ip) || 0;
-        if (Date.now() < (bannedAt + (this.configuration.banTime * 60 * 1000))) {
+        if (this.isBanned(ip))
             return true;
-        }
         this.bannedIps.delete(ip);
         // add this connection try to the list of previous connections
         const previousConnections = this.connectionsByIp.get(ip) || [];
         previousConnections.push(Date.now());
-        // calculate the previous connections in the last minute
-        const previousConnectionsInTheLastMinute = previousConnections
-            .filter(timestamp => timestamp + (60 * 1000) > Date.now());
-        this.connectionsByIp.set(ip, previousConnectionsInTheLastMinute);
-        if (previousConnectionsInTheLastMinute.length > this.configuration.throttle) {
+        // calculate the previous connections in the last considered time interval
+        const previousConnectionsInTheConsideredInterval = previousConnections
+            .filter(timestamp => timestamp + (this.configuration.consideredSeconds * 1000) > Date.now());
+        this.connectionsByIp.set(ip, previousConnectionsInTheConsideredInterval);
+        if (previousConnectionsInTheConsideredInterval.length > this.configuration.throttle) {
             this.bannedIps.set(ip, Date.now());
             return true;
         }

package/dist/hocuspocus-throttle.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"hocuspocus-throttle.cjs","sources":["../src/index.ts"],"sourcesContent":["import {\n  Extension,\n  onConnectPayload,\n} from '@hocuspocus/server'\n\nexport interface ThrottleConfiguration {\n  throttle: number | null | false,\n  banTime: number,\n}\n\nexport class Throttle implements Extension {\n\n  configuration: ThrottleConfiguration = {\n    throttle: 15,\n    banTime: 5,\n  }\n\n  connectionsByIp: Map<string, Array<number>> = new Map()\n\n  bannedIps: Map<string, number> = new Map()\n\n  /**\n   * Constructor\n   */\n  constructor(configuration?: Partial<ThrottleConfiguration>) {\n    this.configuration = {\n      ...this.configuration,\n      ...configuration,\n    }\n  }\n\n  /**\n   * Throttle requests\n   * @private\n   */\n  private throttle(ip: string): Boolean {\n    if (!this.configuration.throttle) {\n      return false\n    }\n\n    const bannedAt = this.bannedIps.get(ip) || 0\n\n    if (Date.now() < (bannedAt + (this.configuration.banTime * 60 * 1000))) {\n      return true\n    }\n\n    this.bannedIps.delete(ip)\n\n    // add this connection try to the list of previous connections\n    const previousConnections = this.connectionsByIp.get(ip) || []\n    previousConnections.push(Date.now())\n\n    // calculate the previous connections in the last minute\n    const previousConnectionsInTheLastMinute = previousConnections\n      .filter(timestamp => timestamp + (60 * 1000) > Date.now())\n\n    this.connectionsByIp.set(ip, previousConnectionsInTheLastMinute)\n\n    if (previousConnectionsInTheLastMinute.length > this.configuration.throttle) {\n      this.bannedIps.set(ip, Date.now())\n      return true\n    }\n\n    return false\n  }\n\n  /**\n   * onConnect hook\n   * @param data\n   */\n  onConnect(data: onConnectPayload): Promise<any> {\n    const { request } = data\n\n    // get the remote ip address\n    const ip = request.headers['x-real-ip']\n      || request.headers['x-forwarded-for']\n      || request.socket.remoteAddress\n      || ''\n\n    // throttle the connection\n    return this.throttle(<string> ip) ? Promise.reject() : Promise.resolve()\n  }\n\n}\n"],"names":[],"mappings":";;;;MAUa,QAAQ,CAAA;AAWnB;;AAEG;AACH,IAAA,WAAA,CAAY,aAA8C,EAAA;AAZ1D,QAAA,IAAA,CAAA,aAAa,GAA0B;AACrC,YAAA,QAAQ,EAAE,EAAE;AACZ,YAAA,OAAO,EAAE,CAAC;SACX,CAAA;AAED,QAAA,IAAA,CAAA,eAAe,GAA+B,IAAI,GAAG,EAAE,CAAA;AAEvD,QAAA,IAAA,CAAA,SAAS,GAAwB,IAAI,GAAG,EAAE,CAAA;QAMxC,IAAI,CAAC,aAAa,GAAG;YACnB,GAAG,IAAI,CAAC,aAAa;AACrB,YAAA,GAAG,aAAa;SACjB,CAAA;KACF;AAED;;;AAGG;AACK,IAAA,QAAQ,CAAC,EAAU,EAAA;AACzB,QAAA,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE;AAChC,YAAA,OAAO,KAAK,CAAA;AACb,SAAA;AAED,QAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAA;QAE5C,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,QAAQ,IAAI,IAAI,CAAC,aAAa,CAAC,OAAO,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,EAAE;AACtE,YAAA,OAAO,IAAI,CAAA;AACZ,SAAA;AAED,QAAA,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;;AAGzB,QAAA,MAAM,mBAAmB,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,CAAA;QAC9D,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;;QAGpC,MAAM,kCAAkC,GAAG,mBAAmB;AAC3D,aAAA,MAAM,CAAC,SAAS,IAAI,SAAS,IAAI,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;QAE5D,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,EAAE,kCAAkC,CAAC,CAAA;QAEhE,IAAI,kCAAkC,CAAC,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE;AAC3E,YAAA,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;AAClC,YAAA,OAAO,IAAI,CAAA;AACZ,SAAA;AAED,QAAA,OAAO,KAAK,CAAA;KACb;AAED;;;AAGG;AACH,IAAA,SAAS,CAAC,IAAsB,EAAA;AAC9B,QAAA,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAA;;AAGxB,QAAA,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;AAClC,eAAA,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC;eAClC,OAAO,CAAC,MAAM,CAAC,aAAa;AAC5B,eAAA,EAAE,CAAA;;QAGP,OAAO,IAAI,CAAC,QAAQ,CAAU,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,EAAE,CAAA;KACzE;AAEF;;;;"}
+{"version":3,"file":"hocuspocus-throttle.cjs","sources":["../src/index.ts"],"sourcesContent":["import {\n  Extension,\n  onConnectPayload,\n} from '@hocuspocus/server'\n\nexport interface ThrottleConfiguration {\n  throttle: number | null | false, // how many requests within `consideredSeconds` until we're rejecting requests (setting this to 15 means the 16th request will be rejected)\n  consideredSeconds: number, // how many seconds to consider (default is last 60 seconds from the current connection attempt)\n  banTime: number, // for how long to ban after receiving too many requests (in minutes!)\n  cleanupInterval: number // how often to clean up the records of IPs (this won't delete ips that are still blocked or recent enough by `consideredSeconds`)\n}\n\nexport class Throttle implements Extension {\n\n  configuration: ThrottleConfiguration = {\n    throttle: 15,\n    banTime: 5,\n    consideredSeconds: 60,\n    cleanupInterval: 90,\n  }\n\n  connectionsByIp: Map<string, Array<number>> = new Map()\n\n  bannedIps: Map<string, number> = new Map()\n\n  cleanupInterval?: NodeJS.Timer\n\n  /**\n   * Constructor\n   */\n  constructor(configuration?: Partial<ThrottleConfiguration>) {\n    this.configuration = {\n      ...this.configuration,\n      ...configuration,\n    }\n\n    this.cleanupInterval = setInterval(this.clearMaps.bind(this), this.configuration.cleanupInterval * 1000)\n  }\n\n  onDestroy() {\n    if (this.cleanupInterval) {\n      clearInterval(this.cleanupInterval)\n    }\n\n    return Promise.resolve()\n  }\n\n  public clearMaps() {\n    this.connectionsByIp.forEach((value, key) => {\n      const filteredValue = value\n        .filter(timestamp => timestamp + (this.configuration.consideredSeconds * 1000) > Date.now())\n\n      if (filteredValue.length) {\n        this.connectionsByIp.set(key, filteredValue)\n      } else {\n        this.connectionsByIp.delete(key)\n      }\n    })\n\n    this.bannedIps.forEach((value, key) => {\n      if (!this.isBanned(key)) {\n        this.bannedIps.delete(key)\n      }\n    })\n  }\n\n  isBanned(ip: string) {\n    const bannedAt = this.bannedIps.get(ip) || 0\n    return Date.now() < (bannedAt + (this.configuration.banTime * 60 * 1000))\n  }\n\n  /**\n   * Throttle requests\n   * @private\n   */\n  private throttle(ip: string): Boolean {\n    if (!this.configuration.throttle) {\n      return false\n    }\n\n    if (this.isBanned(ip)) return true\n\n    this.bannedIps.delete(ip)\n\n    // add this connection try to the list of previous connections\n    const previousConnections = this.connectionsByIp.get(ip) || []\n    previousConnections.push(Date.now())\n\n    // calculate the previous connections in the last considered time interval\n    const previousConnectionsInTheConsideredInterval = previousConnections\n      .filter(timestamp => timestamp + (this.configuration.consideredSeconds * 1000) > Date.now())\n\n    this.connectionsByIp.set(ip, previousConnectionsInTheConsideredInterval)\n\n    if (previousConnectionsInTheConsideredInterval.length > this.configuration.throttle) {\n      this.bannedIps.set(ip, Date.now())\n      return true\n    }\n\n    return false\n  }\n\n  /**\n   * onConnect hook\n   * @param data\n   */\n  onConnect(data: onConnectPayload): Promise<any> {\n    const { request } = data\n\n    // get the remote ip address\n    const ip = request.headers['x-real-ip']\n      || request.headers['x-forwarded-for']\n      || request.socket.remoteAddress\n      || ''\n\n    // throttle the connection\n    return this.throttle(<string> ip) ? Promise.reject() : Promise.resolve()\n  }\n\n}\n"],"names":[],"mappings":";;;;MAYa,QAAQ,CAAA;AAenB;;AAEG;AACH,IAAA,WAAA,CAAY,aAA8C,EAAA;AAhB1D,QAAA,IAAA,CAAA,aAAa,GAA0B;AACrC,YAAA,QAAQ,EAAE,EAAE;AACZ,YAAA,OAAO,EAAE,CAAC;AACV,YAAA,iBAAiB,EAAE,EAAE;AACrB,YAAA,eAAe,EAAE,EAAE;SACpB,CAAA;AAED,QAAA,IAAA,CAAA,eAAe,GAA+B,IAAI,GAAG,EAAE,CAAA;AAEvD,QAAA,IAAA,CAAA,SAAS,GAAwB,IAAI,GAAG,EAAE,CAAA;QAQxC,IAAI,CAAC,aAAa,GAAG;YACnB,GAAG,IAAI,CAAC,aAAa;AACrB,YAAA,GAAG,aAAa;SACjB,CAAA;QAED,IAAI,CAAC,eAAe,GAAG,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,aAAa,CAAC,eAAe,GAAG,IAAI,CAAC,CAAA;KACzG;IAED,SAAS,GAAA;QACP,IAAI,IAAI,CAAC,eAAe,EAAE;AACxB,YAAA,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;AACpC,SAAA;AAED,QAAA,OAAO,OAAO,CAAC,OAAO,EAAE,CAAA;KACzB;IAEM,SAAS,GAAA;QACd,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,KAAI;YAC1C,MAAM,aAAa,GAAG,KAAK;iBACxB,MAAM,CAAC,SAAS,IAAI,SAAS,IAAI,IAAI,CAAC,aAAa,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;YAE9F,IAAI,aAAa,CAAC,MAAM,EAAE;gBACxB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;AAC7C,aAAA;AAAM,iBAAA;AACL,gBAAA,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;AACjC,aAAA;AACH,SAAC,CAAC,CAAA;QAEF,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,KAAI;AACpC,YAAA,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;AACvB,gBAAA,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;AAC3B,aAAA;AACH,SAAC,CAAC,CAAA;KACH;AAED,IAAA,QAAQ,CAAC,EAAU,EAAA;AACjB,QAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAA;QAC5C,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,QAAQ,IAAI,IAAI,CAAC,aAAa,CAAC,OAAO,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAA;KAC1E;AAED;;;AAGG;AACK,IAAA,QAAQ,CAAC,EAAU,EAAA;AACzB,QAAA,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE;AAChC,YAAA,OAAO,KAAK,CAAA;AACb,SAAA;AAED,QAAA,IAAI,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;AAAE,YAAA,OAAO,IAAI,CAAA;AAElC,QAAA,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;;AAGzB,QAAA,MAAM,mBAAmB,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,CAAA;QAC9D,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;;QAGpC,MAAM,0CAA0C,GAAG,mBAAmB;aACnE,MAAM,CAAC,SAAS,IAAI,SAAS,IAAI,IAAI,CAAC,aAAa,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;QAE9F,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,EAAE,0CAA0C,CAAC,CAAA;QAExE,IAAI,0CAA0C,CAAC,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE;AACnF,YAAA,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;AAClC,YAAA,OAAO,IAAI,CAAA;AACZ,SAAA;AAED,QAAA,OAAO,KAAK,CAAA;KACb;AAED;;;AAGG;AACH,IAAA,SAAS,CAAC,IAAsB,EAAA;AAC9B,QAAA,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAA;;AAGxB,QAAA,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;AAClC,eAAA,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC;eAClC,OAAO,CAAC,MAAM,CAAC,aAAa;AAC5B,eAAA,EAAE,CAAA;;QAGP,OAAO,IAAI,CAAC,QAAQ,CAAU,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,EAAE,CAAA;KACzE;AAEF;;;;"}

package/dist/hocuspocus-throttle.esm.js

@@ -6,6 +6,8 @@ class Throttle {
         this.configuration = {
             throttle: 15,
             banTime: 5,
+            consideredSeconds: 60,
+            cleanupInterval: 90,
         };
         this.connectionsByIp = new Map();
         this.bannedIps = new Map();
@@ -13,6 +15,34 @@ class Throttle {
             ...this.configuration,
             ...configuration,
         };
+        this.cleanupInterval = setInterval(this.clearMaps.bind(this), this.configuration.cleanupInterval * 1000);
+    }
+    onDestroy() {
+        if (this.cleanupInterval) {
+            clearInterval(this.cleanupInterval);
+        }
+        return Promise.resolve();
+    }
+    clearMaps() {
+        this.connectionsByIp.forEach((value, key) => {
+            const filteredValue = value
+                .filter(timestamp => timestamp + (this.configuration.consideredSeconds * 1000) > Date.now());
+            if (filteredValue.length) {
+                this.connectionsByIp.set(key, filteredValue);
+            }
+            else {
+                this.connectionsByIp.delete(key);
+            }
+        });
+        this.bannedIps.forEach((value, key) => {
+            if (!this.isBanned(key)) {
+                this.bannedIps.delete(key);
+            }
+        });
+    }
+    isBanned(ip) {
+        const bannedAt = this.bannedIps.get(ip) || 0;
+        return Date.now() < (bannedAt + (this.configuration.banTime * 60 * 1000));
     }
     /**
      * Throttle requests
@@ -22,19 +52,17 @@ class Throttle {
         if (!this.configuration.throttle) {
             return false;
         }
-        const bannedAt = this.bannedIps.get(ip) || 0;
-        if (Date.now() < (bannedAt + (this.configuration.banTime * 60 * 1000))) {
+        if (this.isBanned(ip))
             return true;
-        }
         this.bannedIps.delete(ip);
         // add this connection try to the list of previous connections
         const previousConnections = this.connectionsByIp.get(ip) || [];
         previousConnections.push(Date.now());
-        // calculate the previous connections in the last minute
-        const previousConnectionsInTheLastMinute = previousConnections
-            .filter(timestamp => timestamp + (60 * 1000) > Date.now());
-        this.connectionsByIp.set(ip, previousConnectionsInTheLastMinute);
-        if (previousConnectionsInTheLastMinute.length > this.configuration.throttle) {
+        // calculate the previous connections in the last considered time interval
+        const previousConnectionsInTheConsideredInterval = previousConnections
+            .filter(timestamp => timestamp + (this.configuration.consideredSeconds * 1000) > Date.now());
+        this.connectionsByIp.set(ip, previousConnectionsInTheConsideredInterval);
+        if (previousConnectionsInTheConsideredInterval.length > this.configuration.throttle) {
             this.bannedIps.set(ip, Date.now());
             return true;
         }

package/dist/hocuspocus-throttle.esm.js.map

@@ -1 +1 @@
-{"version":3,"file":"hocuspocus-throttle.esm.js","sources":["../src/index.ts"],"sourcesContent":["import {\n  Extension,\n  onConnectPayload,\n} from '@hocuspocus/server'\n\nexport interface ThrottleConfiguration {\n  throttle: number | null | false,\n  banTime: number,\n}\n\nexport class Throttle implements Extension {\n\n  configuration: ThrottleConfiguration = {\n    throttle: 15,\n    banTime: 5,\n  }\n\n  connectionsByIp: Map<string, Array<number>> = new Map()\n\n  bannedIps: Map<string, number> = new Map()\n\n  /**\n   * Constructor\n   */\n  constructor(configuration?: Partial<ThrottleConfiguration>) {\n    this.configuration = {\n      ...this.configuration,\n      ...configuration,\n    }\n  }\n\n  /**\n   * Throttle requests\n   * @private\n   */\n  private throttle(ip: string): Boolean {\n    if (!this.configuration.throttle) {\n      return false\n    }\n\n    const bannedAt = this.bannedIps.get(ip) || 0\n\n    if (Date.now() < (bannedAt + (this.configuration.banTime * 60 * 1000))) {\n      return true\n    }\n\n    this.bannedIps.delete(ip)\n\n    // add this connection try to the list of previous connections\n    const previousConnections = this.connectionsByIp.get(ip) || []\n    previousConnections.push(Date.now())\n\n    // calculate the previous connections in the last minute\n    const previousConnectionsInTheLastMinute = previousConnections\n      .filter(timestamp => timestamp + (60 * 1000) > Date.now())\n\n    this.connectionsByIp.set(ip, previousConnectionsInTheLastMinute)\n\n    if (previousConnectionsInTheLastMinute.length > this.configuration.throttle) {\n      this.bannedIps.set(ip, Date.now())\n      return true\n    }\n\n    return false\n  }\n\n  /**\n   * onConnect hook\n   * @param data\n   */\n  onConnect(data: onConnectPayload): Promise<any> {\n    const { request } = data\n\n    // get the remote ip address\n    const ip = request.headers['x-real-ip']\n      || request.headers['x-forwarded-for']\n      || request.socket.remoteAddress\n      || ''\n\n    // throttle the connection\n    return this.throttle(<string> ip) ? Promise.reject() : Promise.resolve()\n  }\n\n}\n"],"names":[],"mappings":"MAUa,QAAQ,CAAA;AAWnB;;AAEG;AACH,IAAA,WAAA,CAAY,aAA8C,EAAA;AAZ1D,QAAA,IAAA,CAAA,aAAa,GAA0B;AACrC,YAAA,QAAQ,EAAE,EAAE;AACZ,YAAA,OAAO,EAAE,CAAC;SACX,CAAA;AAED,QAAA,IAAA,CAAA,eAAe,GAA+B,IAAI,GAAG,EAAE,CAAA;AAEvD,QAAA,IAAA,CAAA,SAAS,GAAwB,IAAI,GAAG,EAAE,CAAA;QAMxC,IAAI,CAAC,aAAa,GAAG;YACnB,GAAG,IAAI,CAAC,aAAa;AACrB,YAAA,GAAG,aAAa;SACjB,CAAA;KACF;AAED;;;AAGG;AACK,IAAA,QAAQ,CAAC,EAAU,EAAA;AACzB,QAAA,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE;AAChC,YAAA,OAAO,KAAK,CAAA;AACb,SAAA;AAED,QAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAA;QAE5C,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,QAAQ,IAAI,IAAI,CAAC,aAAa,CAAC,OAAO,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,EAAE;AACtE,YAAA,OAAO,IAAI,CAAA;AACZ,SAAA;AAED,QAAA,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;;AAGzB,QAAA,MAAM,mBAAmB,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,CAAA;QAC9D,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;;QAGpC,MAAM,kCAAkC,GAAG,mBAAmB;AAC3D,aAAA,MAAM,CAAC,SAAS,IAAI,SAAS,IAAI,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;QAE5D,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,EAAE,kCAAkC,CAAC,CAAA;QAEhE,IAAI,kCAAkC,CAAC,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE;AAC3E,YAAA,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;AAClC,YAAA,OAAO,IAAI,CAAA;AACZ,SAAA;AAED,QAAA,OAAO,KAAK,CAAA;KACb;AAED;;;AAGG;AACH,IAAA,SAAS,CAAC,IAAsB,EAAA;AAC9B,QAAA,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAA;;AAGxB,QAAA,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;AAClC,eAAA,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC;eAClC,OAAO,CAAC,MAAM,CAAC,aAAa;AAC5B,eAAA,EAAE,CAAA;;QAGP,OAAO,IAAI,CAAC,QAAQ,CAAU,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,EAAE,CAAA;KACzE;AAEF;;;;"}
+{"version":3,"file":"hocuspocus-throttle.esm.js","sources":["../src/index.ts"],"sourcesContent":["import {\n  Extension,\n  onConnectPayload,\n} from '@hocuspocus/server'\n\nexport interface ThrottleConfiguration {\n  throttle: number | null | false, // how many requests within `consideredSeconds` until we're rejecting requests (setting this to 15 means the 16th request will be rejected)\n  consideredSeconds: number, // how many seconds to consider (default is last 60 seconds from the current connection attempt)\n  banTime: number, // for how long to ban after receiving too many requests (in minutes!)\n  cleanupInterval: number // how often to clean up the records of IPs (this won't delete ips that are still blocked or recent enough by `consideredSeconds`)\n}\n\nexport class Throttle implements Extension {\n\n  configuration: ThrottleConfiguration = {\n    throttle: 15,\n    banTime: 5,\n    consideredSeconds: 60,\n    cleanupInterval: 90,\n  }\n\n  connectionsByIp: Map<string, Array<number>> = new Map()\n\n  bannedIps: Map<string, number> = new Map()\n\n  cleanupInterval?: NodeJS.Timer\n\n  /**\n   * Constructor\n   */\n  constructor(configuration?: Partial<ThrottleConfiguration>) {\n    this.configuration = {\n      ...this.configuration,\n      ...configuration,\n    }\n\n    this.cleanupInterval = setInterval(this.clearMaps.bind(this), this.configuration.cleanupInterval * 1000)\n  }\n\n  onDestroy() {\n    if (this.cleanupInterval) {\n      clearInterval(this.cleanupInterval)\n    }\n\n    return Promise.resolve()\n  }\n\n  public clearMaps() {\n    this.connectionsByIp.forEach((value, key) => {\n      const filteredValue = value\n        .filter(timestamp => timestamp + (this.configuration.consideredSeconds * 1000) > Date.now())\n\n      if (filteredValue.length) {\n        this.connectionsByIp.set(key, filteredValue)\n      } else {\n        this.connectionsByIp.delete(key)\n      }\n    })\n\n    this.bannedIps.forEach((value, key) => {\n      if (!this.isBanned(key)) {\n        this.bannedIps.delete(key)\n      }\n    })\n  }\n\n  isBanned(ip: string) {\n    const bannedAt = this.bannedIps.get(ip) || 0\n    return Date.now() < (bannedAt + (this.configuration.banTime * 60 * 1000))\n  }\n\n  /**\n   * Throttle requests\n   * @private\n   */\n  private throttle(ip: string): Boolean {\n    if (!this.configuration.throttle) {\n      return false\n    }\n\n    if (this.isBanned(ip)) return true\n\n    this.bannedIps.delete(ip)\n\n    // add this connection try to the list of previous connections\n    const previousConnections = this.connectionsByIp.get(ip) || []\n    previousConnections.push(Date.now())\n\n    // calculate the previous connections in the last considered time interval\n    const previousConnectionsInTheConsideredInterval = previousConnections\n      .filter(timestamp => timestamp + (this.configuration.consideredSeconds * 1000) > Date.now())\n\n    this.connectionsByIp.set(ip, previousConnectionsInTheConsideredInterval)\n\n    if (previousConnectionsInTheConsideredInterval.length > this.configuration.throttle) {\n      this.bannedIps.set(ip, Date.now())\n      return true\n    }\n\n    return false\n  }\n\n  /**\n   * onConnect hook\n   * @param data\n   */\n  onConnect(data: onConnectPayload): Promise<any> {\n    const { request } = data\n\n    // get the remote ip address\n    const ip = request.headers['x-real-ip']\n      || request.headers['x-forwarded-for']\n      || request.socket.remoteAddress\n      || ''\n\n    // throttle the connection\n    return this.throttle(<string> ip) ? Promise.reject() : Promise.resolve()\n  }\n\n}\n"],"names":[],"mappings":"MAYa,QAAQ,CAAA;AAenB;;AAEG;AACH,IAAA,WAAA,CAAY,aAA8C,EAAA;AAhB1D,QAAA,IAAA,CAAA,aAAa,GAA0B;AACrC,YAAA,QAAQ,EAAE,EAAE;AACZ,YAAA,OAAO,EAAE,CAAC;AACV,YAAA,iBAAiB,EAAE,EAAE;AACrB,YAAA,eAAe,EAAE,EAAE;SACpB,CAAA;AAED,QAAA,IAAA,CAAA,eAAe,GAA+B,IAAI,GAAG,EAAE,CAAA;AAEvD,QAAA,IAAA,CAAA,SAAS,GAAwB,IAAI,GAAG,EAAE,CAAA;QAQxC,IAAI,CAAC,aAAa,GAAG;YACnB,GAAG,IAAI,CAAC,aAAa;AACrB,YAAA,GAAG,aAAa;SACjB,CAAA;QAED,IAAI,CAAC,eAAe,GAAG,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,aAAa,CAAC,eAAe,GAAG,IAAI,CAAC,CAAA;KACzG;IAED,SAAS,GAAA;QACP,IAAI,IAAI,CAAC,eAAe,EAAE;AACxB,YAAA,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;AACpC,SAAA;AAED,QAAA,OAAO,OAAO,CAAC,OAAO,EAAE,CAAA;KACzB;IAEM,SAAS,GAAA;QACd,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,KAAI;YAC1C,MAAM,aAAa,GAAG,KAAK;iBACxB,MAAM,CAAC,SAAS,IAAI,SAAS,IAAI,IAAI,CAAC,aAAa,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;YAE9F,IAAI,aAAa,CAAC,MAAM,EAAE;gBACxB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;AAC7C,aAAA;AAAM,iBAAA;AACL,gBAAA,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;AACjC,aAAA;AACH,SAAC,CAAC,CAAA;QAEF,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,KAAI;AACpC,YAAA,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;AACvB,gBAAA,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;AAC3B,aAAA;AACH,SAAC,CAAC,CAAA;KACH;AAED,IAAA,QAAQ,CAAC,EAAU,EAAA;AACjB,QAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAA;QAC5C,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,QAAQ,IAAI,IAAI,CAAC,aAAa,CAAC,OAAO,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAA;KAC1E;AAED;;;AAGG;AACK,IAAA,QAAQ,CAAC,EAAU,EAAA;AACzB,QAAA,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE;AAChC,YAAA,OAAO,KAAK,CAAA;AACb,SAAA;AAED,QAAA,IAAI,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;AAAE,YAAA,OAAO,IAAI,CAAA;AAElC,QAAA,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;;AAGzB,QAAA,MAAM,mBAAmB,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,CAAA;QAC9D,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;;QAGpC,MAAM,0CAA0C,GAAG,mBAAmB;aACnE,MAAM,CAAC,SAAS,IAAI,SAAS,IAAI,IAAI,CAAC,aAAa,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;QAE9F,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,EAAE,0CAA0C,CAAC,CAAA;QAExE,IAAI,0CAA0C,CAAC,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE;AACnF,YAAA,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;AAClC,YAAA,OAAO,IAAI,CAAA;AACZ,SAAA;AAED,QAAA,OAAO,KAAK,CAAA;KACb;AAED;;;AAGG;AACH,IAAA,SAAS,CAAC,IAAsB,EAAA;AAC9B,QAAA,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAA;;AAGxB,QAAA,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;AAClC,eAAA,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC;eAClC,OAAO,CAAC,MAAM,CAAC,aAAa;AAC5B,eAAA,EAAE,CAAA;;QAGP,OAAO,IAAI,CAAC,QAAQ,CAAU,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,EAAE,CAAA;KACzE;AAEF;;;;"}

package/dist/packages/extension-throttle/src/index.d.ts

@@ -1,16 +1,23 @@
+/// <reference types="node" />
 import { Extension, onConnectPayload } from '@hocuspocus/server';
 export interface ThrottleConfiguration {
     throttle: number | null | false;
+    consideredSeconds: number;
     banTime: number;
+    cleanupInterval: number;
 }
 export declare class Throttle implements Extension {
     configuration: ThrottleConfiguration;
     connectionsByIp: Map<string, Array<number>>;
     bannedIps: Map<string, number>;
+    cleanupInterval?: NodeJS.Timer;
     /**
      * Constructor
      */
     constructor(configuration?: Partial<ThrottleConfiguration>);
+    onDestroy(): Promise<void>;
+    clearMaps(): void;
+    isBanned(ip: string): boolean;
     /**
      * Throttle requests
      * @private

package/dist/tests/extension-throttle/banning.d.ts

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hocuspocus/extension-throttle",
-  "version": "1.0.0-beta.7",
+  "version": "1.0.1",
   "description": "hocuspocus throttle extension",
   "homepage": "https://hocuspocus.dev",
   "keywords": [
@@ -27,7 +27,7 @@
     "dist"
   ],
   "dependencies": {
-    "@hocuspocus/server": "^1.0.0-beta.7"
+    "@hocuspocus/server": "^1.0.1"
   },
   "gitHead": "b3454a4ca289a84ddfb7fa5607a2d4b8d5c37e9d"
 }

package/src/index.ts

@@ -4,8 +4,10 @@ import {
 } from '@hocuspocus/server'
 
 export interface ThrottleConfiguration {
-  throttle: number | null | false,
-  banTime: number,
+  throttle: number | null | false, // how many requests within `consideredSeconds` until we're rejecting requests (setting this to 15 means the 16th request will be rejected)
+  consideredSeconds: number, // how many seconds to consider (default is last 60 seconds from the current connection attempt)
+  banTime: number, // for how long to ban after receiving too many requests (in minutes!)
+  cleanupInterval: number // how often to clean up the records of IPs (this won't delete ips that are still blocked or recent enough by `consideredSeconds`)
 }
 
 export class Throttle implements Extension {
@@ -13,12 +15,16 @@ export class Throttle implements Extension {
   configuration: ThrottleConfiguration = {
     throttle: 15,
     banTime: 5,
+    consideredSeconds: 60,
+    cleanupInterval: 90,
   }
 
   connectionsByIp: Map<string, Array<number>> = new Map()
 
   bannedIps: Map<string, number> = new Map()
 
+  cleanupInterval?: NodeJS.Timer
+
   /**
    * Constructor
    */
@@ -27,6 +33,40 @@ export class Throttle implements Extension {
       ...this.configuration,
       ...configuration,
     }
+
+    this.cleanupInterval = setInterval(this.clearMaps.bind(this), this.configuration.cleanupInterval * 1000)
+  }
+
+  onDestroy() {
+    if (this.cleanupInterval) {
+      clearInterval(this.cleanupInterval)
+    }
+
+    return Promise.resolve()
+  }
+
+  public clearMaps() {
+    this.connectionsByIp.forEach((value, key) => {
+      const filteredValue = value
+        .filter(timestamp => timestamp + (this.configuration.consideredSeconds * 1000) > Date.now())
+
+      if (filteredValue.length) {
+        this.connectionsByIp.set(key, filteredValue)
+      } else {
+        this.connectionsByIp.delete(key)
+      }
+    })
+
+    this.bannedIps.forEach((value, key) => {
+      if (!this.isBanned(key)) {
+        this.bannedIps.delete(key)
+      }
+    })
+  }
+
+  isBanned(ip: string) {
+    const bannedAt = this.bannedIps.get(ip) || 0
+    return Date.now() < (bannedAt + (this.configuration.banTime * 60 * 1000))
   }
 
   /**
@@ -38,11 +78,7 @@ export class Throttle implements Extension {
       return false
     }
 
-    const bannedAt = this.bannedIps.get(ip) || 0
-
-    if (Date.now() < (bannedAt + (this.configuration.banTime * 60 * 1000))) {
-      return true
-    }
+    if (this.isBanned(ip)) return true
 
     this.bannedIps.delete(ip)
 
@@ -50,13 +86,13 @@ export class Throttle implements Extension {
     const previousConnections = this.connectionsByIp.get(ip) || []
     previousConnections.push(Date.now())
 
-    // calculate the previous connections in the last minute
-    const previousConnectionsInTheLastMinute = previousConnections
-      .filter(timestamp => timestamp + (60 * 1000) > Date.now())
+    // calculate the previous connections in the last considered time interval
+    const previousConnectionsInTheConsideredInterval = previousConnections
+      .filter(timestamp => timestamp + (this.configuration.consideredSeconds * 1000) > Date.now())
 
-    this.connectionsByIp.set(ip, previousConnectionsInTheLastMinute)
+    this.connectionsByIp.set(ip, previousConnectionsInTheConsideredInterval)
 
-    if (previousConnectionsInTheLastMinute.length > this.configuration.throttle) {
+    if (previousConnectionsInTheConsideredInterval.length > this.configuration.throttle) {
       this.bannedIps.set(ip, Date.now())
       return true
     }