fix: RateLimiterService (#13997)

* fix rate limit check never ends * fix: long term / short term limitがないときでもそれぞれ用のnew Limiterとlimiter.getが呼ばれる問題 * refactor: wrap ratelimiter with promise * refactor: reimplement max/min with async * refactor: reimplement limit with async * refactor: do not check long term limit inside min * refactor: check if there is rate limit inside min/max function * refactor: remove unnecessary return in min/max function * refactor: remove unnecessary max/min function * refactor: return rate limit instead of throwing an object * fix: レートリミットのfactorが二回適用されて二乗の効果がある問題を修正 * fix lint error --------- Co-authored-by: Kisaragi <48310258+KisaragiEffective@users.noreply.github.com> Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com> Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>
2026-05-14 13:25:48 +02:00 · 2025-05-11 15:37:46 +09:00
parent 2c96f7f258
commit cbc53de823
4 changed files with 65 additions and 81 deletions
--- a/packages/backend/src/server/api/SigninApiService.ts
+++ b/packages/backend/src/server/api/SigninApiService.ts
@@ -89,10 +89,9 @@ export class SigninApiService {
 			return { error };
 		}

-		try {
 		// not more than 1 attempt per second and not more than 10 attempts per hour
-			await this.rateLimiterService.limit({ key: 'signin', duration: 60 * 60 * 1000, max: 10, minInterval: 1000 }, getIpHash(request.ip));
-		} catch (err) {
+		const rateLimit = await this.rateLimiterService.limit({ key: 'signin', duration: 60 * 60 * 1000, max: 10, minInterval: 1000 }, getIpHash(request.ip));
+		if (rateLimit != null) {
 			reply.code(429);
 			return {
 				error: {