feat(api-node): add request-ip (#20967)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
hongbo-miao · Dec 1, 2024 · 928a7c6 · 928a7c6
1 parent b3c7fd8
commit 928a7c6
Show file tree

Hide file tree

Showing 5 changed files with 84 additions and 56 deletions.
diff --git a/README.md b/README.md
@@ -187,6 +187,7 @@ The diagram illustrates the repository's architecture, which is considered overl
 - **Network Error Logging** - HTTP header `NEL`
 - **response-time** - HTTP header `X-Response-Time`
 - **connect-timeout** - Request timeout
+- **request-ip** - IP address retrieving
 - **Terminus** - Health check and graceful shutdown
 - **pino** - Logging
 - **dotenv-flow** - Environment variables loading

diff --git a/api-node/package-lock.json b/api-node/package-lock.json
diff --git a/api-node/package.json b/api-node/package.json
@@ -77,6 +77,7 @@
     "pino-http": "10.3.0",
     "rate-limiter-flexible": "5.0.4",
     "report-to": "1.1.0",
+    "request-ip": "3.3.0",
     "response-time": "2.3.3",
     "serve-favicon": "2.5.0",
     "spdy": "4.0.2",
@@ -98,7 +99,7 @@
     "@types/cookie-parser": "1.4.8",
     "@types/cors": "2.8.17",
     "@types/dotenv-flow": "3.3.3",
-    "@types/express": "4.17.21",
+    "@types/express": "5.0.0",
     "@types/express-list-endpoints": "6.0.3",
     "@types/graphql-depth-limit": "1.1.6",
     "@types/graphql-upload": "8.0.12",
@@ -108,6 +109,7 @@
     "@types/lodash.uniq": "4.5.9",
     "@types/multer": "1.4.12",
     "@types/node": "22.10.1",
+    "@types/request-ip": "0.0.41",
     "@types/response-time": "2.3.8",
     "@types/serve-favicon": "2.5.7",
     "@types/spdy": "3.4.9",

diff --git a/api-node/src/security/middlewares/authMiddleware.ts b/api-node/src/security/middlewares/authMiddleware.ts
@@ -3,6 +3,8 @@ import { expressjwt as jwt } from 'express-jwt';
 import config from '../../config';
 
 const authMiddleware = (): RequestHandler => {
+  // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+  // @ts-expect-error
   return jwt({
     secret: config.jwtSecret,
     algorithms: ['HS256'],

diff --git a/api-node/src/security/middlewares/rateLimitMiddleware.ts b/api-node/src/security/middlewares/rateLimitMiddleware.ts
@@ -1,6 +1,7 @@
 import { NextFunction, Request, RequestHandler, Response } from 'express';
 import Redis from 'ioredis';
 import { BurstyRateLimiter, RateLimiterMemory, RateLimiterRedis } from 'rate-limiter-flexible';
+import { getClientIp } from 'request-ip';
 
 const BURST_POINTS_RATE = 2.5;
 const BURST_DURATION_RATE = 10;
@@ -54,8 +55,9 @@ const rateLimitMiddleware = (
   const rateLimiter = new BurstyRateLimiter(redisRateLimiter, burstRedisRateLimiter);
 
   return (req: Request, res: Response, next: NextFunction) => {
+    const ip = getClientIp(req) || 'unknown';
     return rateLimiter
-      .consume(req.ip)
+      .consume(ip)
       .then(() => {
         next();
       })