npm - @tiledesk/tiledesk-server - Versions diffs - 2.13.26 → 2.13.27 - Mend

@tiledesk/tiledesk-server 2.13.26 → 2.13.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,10 @@
 🚀        IN PRODUCTION                        🚀
 (https://www.npmjs.com/package/@tiledesk/tiledesk-server/v/2.3.77)
+# 2.13.27
+- Added rate manager for webhook call
+- Increased json body limit for /webhook endpoint
 # 2.13.26
 - Fixed bug: LLM preview not working

package/app.js CHANGED Viewed

@@ -217,10 +217,14 @@ var BanUserNotifier = require('./services/banUserNotifier');
 BanUserNotifier.listen();
 const { ChatbotService } = require('./services/chatbotService');
 const { QuoteManager } = require('./services/QuoteManager');
+const RateManager = require('./services/RateManager');
 let qm = new QuoteManager({ tdCache: tdCache });
 qm.start();
+let rm = new RateManager({ tdCache: tdCache });
 var modulesManager = undefined;
 try {
   modulesManager = require('./services/modulesManager');
@@ -255,7 +259,7 @@ app.set('view engine', 'jade');
 app.set('chatbot_service', new ChatbotService())
 app.set('redis_client', tdCache);
 app.set('quote_manager', qm);
+app.set('rate_manager', rm);
 // TODO DELETE IT IN THE NEXT RELEASE
 if (process.env.ENABLE_ALTERNATIVE_CORS_MIDDLEWARE === "true") {
@@ -287,6 +291,13 @@ if (process.env.ENABLE_ALTERNATIVE_CORS_MIDDLEWARE === "true") {
 const JSON_BODY_LIMIT = process.env.JSON_BODY_LIMIT || '500KB';
 winston.debug("JSON_BODY_LIMIT : " + JSON_BODY_LIMIT);
+const WEBHOOK_BODY_LIMIT = process.env.WEBHOOK_BODY_LIMIT || '5mb';
+winston.debug("WEBHOOK_BODY_LIMIT : " + WEBHOOK_BODY_LIMIT);
+const webhookParser = bodyParser.json({ limit: WEBHOOK_BODY_LIMIT });
+app.use('/webhook', webhookParser, webhook);
 app.use(bodyParser.json({limit: JSON_BODY_LIMIT,
   verify: function (req, res, buf) {
     // var url = req.originalUrl;
@@ -388,7 +399,7 @@ app.options('*', cors());
 // });
+console.log("MAX_UPLOAD_FILE_SIZE: ", process.env.MAX_UPLOAD_FILE_SIZE);
 if (process.env.ROUTELOGGER_ENABLED==="true") {
@@ -517,7 +528,7 @@ app.use('/users_util', usersUtil);
 app.use('/logs', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken], logs);
 app.use('/requests_util', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken], requestUtilRoot);
-app.use('/webhook', webhook);
+//app.use('/webhook', webhook); // moved on top before body parser middleware
 // TODO security issues
 if (process.env.DISABLE_TRANSCRIPT_VIEW_PAGE ) {
@@ -674,13 +685,26 @@ app.use((err, req, res, next) => {
     return res.status(401).json({ err: "error ip filter" });
   }
+  const realIp = req.headers['x-forwarded-for']?.split(',')[0] || req.headers['x-real-ip'] || req.ip;
   //emitted by multer when the file is too big
   if (err.code === "LIMIT_FILE_SIZE") {
     winston.debug("LIMIT_FILE_SIZE");
+    winston.warn(`LIMIT_FILE_SIZE on ${req.originalUrl}`, {
+      limit: process.env.MAX_UPLOAD_FILE_SIZE,
+      ip: req.ip,
+      realIp: realIp
+    });
     return res.status(413).json({ err: "Content Too Large", limit_file_size: process.env.MAX_UPLOAD_FILE_SIZE });
-  }
+  }
+  if (err.type === "entity.too.large" || err.name === "PayloadTooLargeError") {
+    winston.warn("Payload too large", { expected: err.expected, limit: err.limit, length: err.length });
+    return res.status(413).json({ err: "Request entity too large", limit: err.limit});
+  }
-  winston.error("General error:: ", err);
+  winston.error("General error: ", err);
   return res.status(500).json({ err: "error" });
 });

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@tiledesk/tiledesk-server",
   "description": "The Tiledesk server module",
-  "version": "2.13.26",
+  "version": "2.13.27",
   "scripts": {
     "start": "node ./bin/www",
     "pretest": "mongodb-runner start",
@@ -51,8 +51,8 @@
     "@tiledesk/tiledesk-telegram-connector": "^0.1.14",
     "@tiledesk/tiledesk-tybot-connector": "^2.0.31",
     "@tiledesk/tiledesk-voice-twilio-connector": "^0.1.22",
-    "@tiledesk/tiledesk-vxml-connector": "^0.1.78",
-    "@tiledesk/tiledesk-whatsapp-connector": "1.0.10",
+    "@tiledesk/tiledesk-vxml-connector": "^0.1.81",
+    "@tiledesk/tiledesk-whatsapp-connector": "1.0.11",
     "@tiledesk/tiledesk-whatsapp-jobworker": "^0.0.13",
     "amqplib": "^0.5.5",
     "app-root-path": "^3.0.0",

package/routes/webhook.js CHANGED Viewed

@@ -209,6 +209,13 @@ router.all('/:webhook_id', async (req, res) => {
     return res.status(422).send({ success: false, error: "Webhook " + webhook_id + " is currently turned off"})
   }
+  const rate_manager = req.app.get("rate_manager");
+  const allowed = await rate_manager.canExecute(webhook.id_project, null, 'webhook');
+  if (!allowed) {
+    winston.warn("Webhook rate limit exceeded for project " + webhook.id_project)
+    return res.status(429).send({ message: "Rate limit exceeded"});
+  }
   payload.request_id = "automation-request-" + webhook.id_project + "-" + new ObjectId() + "-" + webhook_id;
   // To delete - Start

package/services/RateManager.js ADDED Viewed

@@ -0,0 +1,116 @@
+const project = require("../models/project");
+class RateManager {
+    constructor(config) {
+        if (!config) {
+            throw new Error('config is mandatory')
+        }
+        if (!config.tdCache) {
+            throw new Error('config.tdCache is mandatory')
+        }
+        this.tdCache = config.tdCache;
+        // Default rates
+        this.defaultRates = {
+            webhook: {
+                capacity: parseInt(process.env.BUCKET_WH_CAPACITY) || 10,
+                refill_rate: (parseInt(process.env.BUCKET_WH_REFILL_RATE_PER_MIN) || 10) / 60
+            },
+            message: {
+                capacity: parseInt(process.env.BUCKET_MSG_CAPACITY) || 100,
+                refill_rate: (parseInt(process.env.BUCKET_MSG_REFILL_RATE_PER_MIN) || 100) / 60
+            },
+            block: {
+                capacity: parseInt(process.env.BUCKET_BLK_CAPACITY) || 100,
+                refill_rate: (parseInt(process.env.BUCKET_BLK_REFILL_RATE_PER_MIN) || 100) / 60
+            }
+        }
+    }
+    async canExecute(projectOrId, id, type) {
+        let project = projectOrId;
+        if (typeof projectOrId === 'string') {
+            project = await this.loadProject(projectOrId);
+            id = projectOrId;
+        }
+        const config = await this.getRateConfig(project, type);
+        const key = `bucket:${type}:${id}`
+        let bucket = await this.getBucket(key, type, project);
+        let current_tokens = bucket.tokens;
+        let elapsed = (new Date() - new Date(bucket.timestamp)) / 1000;
+        let tokens = Math.min(config.capacity, current_tokens + (elapsed * config.refill_rate));
+        if (tokens > 0) {
+            tokens -= 1;
+            bucket.tokens = tokens;
+            bucket.timestamp = new Date();
+            this.setBucket(key, bucket)
+            return true;
+        } else {
+            bucket.timestamp = new Date();
+            return false;
+        }
+    }
+    async getRateConfig(project, type) {
+        const baseConfig = this.defaultRates[type];
+        if (!project) {
+            return baseConfig;
+        }
+        const custom = project?.profile?.customization?.rates?.[type];
+        if (!custom) {
+            return baseConfig;
+        }
+        return {
+            ...baseConfig,
+            ...custom
+        }
+    }
+    async setBucket(key, bucket) {
+        const bucket_string = JSON.stringify(bucket);
+        await this.tdCache.set(key, bucket_string, { EX: 600 });
+    }
+    async getBucket(key, type, project) {
+        let bucket = await this.tdCache.get(key);
+        if (bucket) {
+            return JSON.parse(bucket);
+        }
+        bucket = await this.createBucket(type, project);
+        return bucket;
+    }
+    async createBucket(type, project) {
+        const config = await this.getRateConfig(project, type)
+        return {
+            tokens: config.capacity,
+            timestamp: new Date()
+        }
+    }
+    async loadProject(id_project) {
+        // Hint: implement redis cache also for project
+        try {
+            return project.findById(id_project);
+        } catch (err) {
+            winston.error("(RateManager) Error getting project ", err);
+            return null;
+        }
+    }
+}
+module.exports = RateManager;

package/test/webhookRoute.js CHANGED Viewed

@@ -1,6 +1,8 @@
 //During the test the env variable is set to test
 process.env.NODE_ENV = 'test';
 process.env.LOG_LEVEL = 'error';
+process.env.BUCKET_WH_CAPACITY = 2
+process.env.BUCKET_WH_REFILL_RATE = 2 / 60;
 var projectService = require('../services/projectService');
 var userService = require('../services/userService');
@@ -617,4 +619,83 @@ describe('WebhookRoute', () => {
             });
         });
     })
+    it('webhook-rate-limit', (done) => {
+        var email = "test-signup-" + Date.now() + "@email.com";
+        var pwd = "pwd";
+        userService.signup(email, pwd, "Test Firstname", "Test lastname").then(function (savedUser) {
+            projectService.create("test-webhook-create", savedUser._id).then(function (savedProject) {
+                chai.request(server)
+                    .post('/' + savedProject._id + '/faq_kb')
+                    .auth(email, pwd)
+                    .send({ name: "testbot", type: "tilebot", subtype: "webhook", language: "en", template: "blank" })
+                    .end((err, res) => {
+                        if (err) { console.error("err: ", err); }
+                        if (log) { console.log("res.body", res.body); }
+                        res.should.have.status(200);
+                        res.body.should.be.a('object');
+                        let chatbot_id = res.body._id;
+                        let webhook_intent_id = "3bfda939-ff76-4762-bbe0-fc0f0dc4c777"
+                        chai.request(server)
+                            .post('/' + savedProject._id + '/webhooks/')
+                            .auth(email, pwd)
+                            .send({ chatbot_id: chatbot_id, block_id: webhook_intent_id })
+                            .end((err, res) => {
+                                if (err) { console.error("err: ", err); }
+                                if (log) { console.log("res.body", res.body); }
+                                res.should.have.status(200);
+                                res.body.should.be.a('object');
+                                let webhook_id = res.body.webhook_id;
+                                let iterations = 4;
+                                let interval = 1000;
+                                async function send(i) {
+                                    chai.request(server)
+                                        .post('/webhook/' + webhook_id)
+                                        .auth(email, pwd)
+                                        .end((err, res) => {
+                                            if (err) { console.error("err: ", err); }
+                                            if (log) { console.log("res.body", res.body); }
+                                            if (i !== 3) {
+                                                res.should.have.status(200);
+                                                res.body.should.be.a('object');
+                                                expect(res.body.success).to.equal(true);
+                                                expect(res.body.message).to.equal("Webhook disabled in test mode");
+                                            } else {
+                                                res.should.have.status(429);
+                                                res.body.should.be.a('object');
+                                                expect(res.body.message).to.equal("Rate limit exceeded");
+                                            }
+                                            i += 1;
+                                            if (i < iterations) {
+                                                setTimeout(() => {
+                                                    send(i)
+                                                }, interval);
+                                            } else {
+                                                done();
+                                            }
+                                    });
+                                }
+                                send(0);
+                            });
+                    });
+            });
+        });
+    })
 });