Merge branch 'dev' into sh/express-test-corrections

Author: shalarewicz

src/@types/rateLimit.d.ts

@@ -16,6 +16,7 @@ export interface RateLimiter {
 export interface RateLimiterResponse {
     success: boolean;
     tokens: number;
+    retryAfter?: number;
 }
 
 export interface RedisBucket {
@@ -47,7 +48,16 @@ export interface TokenBucketOptions {
     refillRate: number;
 }
 
+/**
+ * @type {number} windowSize - size of the window in milliseconds
+ * @type {number} capacity - max number of tokens that can be used in the bucket
+ */
+export interface WindowOptions {
+    windowSize: number;
+    capacity: number;
+}
+
 // TODO: This will be a union type where we can specify Option types for other Rate Limiters
-// Record<string, never> represents the empty object for alogorithms that don't require settings
+// Record<string, never> represents the empty object for algorithms that don't require settings
 // and might be able to be removed in the future.
 export type RateLimiterOptions = TokenBucketOptions | Record<string, never>;

src/analysis/buildTypeWeights.ts

@@ -80,11 +80,9 @@ function parseObjectFields(
     // Iterate through the fields and add the required data to the result
     Object.keys(fields).forEach((field: string) => {
         // The GraphQL type that this field represents
-        const fieldType: GraphQLOutputType = fields[field].type;
-        if (
-            isScalarType(fieldType) ||
-            (isNonNullType(fieldType) && isScalarType(fieldType.ofType))
-        ) {
+        let fieldType: GraphQLOutputType = fields[field].type;
+        if (isNonNullType(fieldType)) fieldType = fieldType.ofType;
+        if (isScalarType(fieldType)) {
             result.fields[field] = {
                 weight: typeWeights.scalar,
                 // resolveTo: fields[field].name.toLowerCase(),
@@ -100,7 +98,8 @@ function parseObjectFields(
             };
         } else if (isListType(fieldType)) {
             // 'listType' is the GraphQL type that the list resolves to
-            const listType = fieldType.ofType;
+            let listType = fieldType.ofType;
+            if (isNonNullType(listType)) listType = listType.ofType;
             if (isScalarType(listType) && typeWeights.scalar === 0) {
                 // list won't compound if weight is zero
                 result.fields[field] = {
@@ -115,7 +114,6 @@ function parseObjectFields(
                 fields[field].args.forEach((arg: GraphQLArgument) => {
                     // If field has an argument matching one of the limiting keywords and resolves to a list
                     // then the weight of the field should be dependent on both the weight of the resolved type and the limiting argument.
-                    // FIXME: Can nonnull wrap list types?
                     if (KEYWORDS.includes(arg.name)) {
                         // Get the type that comprises the list
                         result.fields[field] = {
@@ -183,6 +181,7 @@ function compareTypes(a: GraphQLOutputType, b: GraphQLOutputType): boolean {
     return (
         (isObjectType(b) && isObjectType(a) && a.name === b.name) ||
         (isUnionType(b) && isUnionType(a) && a.name === b.name) ||
+        (isEnumType(b) && isEnumType(a) && a.name === b.name) ||
         (isInterfaceType(b) && isInterfaceType(a) && a.name === b.name) ||
         (isScalarType(b) && isScalarType(a) && a.name === b.name) ||
         (isListType(b) && isListType(a) && compareTypes(b.ofType, a.ofType)) ||
@@ -289,24 +288,26 @@ function parseUnionTypes(
              *   c. objects have a resolveTo type.
              *  */
 
-            const current = commonFields[field].type;
+            let current = commonFields[field].type;
+            if (isNonNullType(current)) current = current.ofType;
             if (isScalarType(current)) {
                 fieldTypes[field] = {
                     weight: commonFields[field].weight,
                 };
-            } else if (isObjectType(current) || isInterfaceType(current) || isUnionType(current)) {
+            } else if (
+                isObjectType(current) ||
+                isInterfaceType(current) ||
+                isUnionType(current) ||
+                isEnumType(current)
+            ) {
                 fieldTypes[field] = {
                     resolveTo: commonFields[field].resolveTo,
-                    weight: typeWeights.object,
                 };
             } else if (isListType(current)) {
                 fieldTypes[field] = {
                     resolveTo: commonFields[field].resolveTo,
                     weight: commonFields[field].weight,
                 };
-            } else if (isNonNullType(current)) {
-                throw new Error('non null types not supported on unions');
-                // TODO: also a recursive data structure
             } else {
                 throw new Error('Unhandled union type. Should never get here');
             }

src/middleware/rateLimiterSetup.ts

@@ -19,23 +19,25 @@ export default function setupRateLimiter(
     switch (selection) {
         case 'TOKEN_BUCKET':
             // todo validate options
+            // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+            // @ts-ignore
             return new TokenBucket(options.bucketSize, options.refillRate, client);
             break;
         case 'LEAKY_BUCKET':
             throw new Error('Leaky Bucket algonithm has not be implemented.');
-            break;
         case 'FIXED_WINDOW':
             throw new Error('Fixed Window algonithm has not be implemented.');
-            break;
         case 'SLIDING_WINDOW_LOG':
-            throw new Error('Sliding Window Log has not be implemented.');
-            break;
+            // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+            // @ts-ignore
+            return new SlidingWindowLog(options.windowSize, options.capacity, client);
         case 'SLIDING_WINDOW_COUNTER':
-            throw new Error('Sliding Window Counter algonithm has not be implemented.');
+            // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+            // @ts-ignore
+            return new SlidingWindowCounter(options.windowSize, options.capacity, client);
             break;
         default:
             // typescript should never let us invoke this function with anything other than the options above
             throw new Error('Selected rate limiting algorithm is not suppported');
-            break;
     }
 }

src/rateLimiters/slidingWindowCounter.ts

@@ -9,12 +9,12 @@ import { RateLimiter, RateLimiterResponse, RedisWindow } from '../@types/rateLim
  * takeup in each.
  *
  * Whenever a user makes a request the following steps are performed:
- *  1. Fixed minute windows are defined along with redis caches if previously undefined.
- *  2. Rolling minute windows are defined or updated based on the timestamp of the new request.
+ *  1. Fixed windows are defined along with redis caches if previously undefined.
+ *  2. Rolling windows are defined or updated based on the timestamp of the new request.
  *  3. Counter of the current fixed window is updated with the new request's token usage.
  *  4. If a new minute interval is reached, the averaging formula is run to prevent fixed window's flaw
  *     of flooded requests around window borders
- *    (ex. 10 token capacity: 1m59s 10 reqs 2m2s 10 reqs)
+ *    (ex. 1m windows, 10 token capacity: 1m59s 10 reqs 2m2s 10 reqs)
  */
 class SlidingWindowCounter implements RateLimiter {
     private windowSize: number;
@@ -24,7 +24,7 @@ class SlidingWindowCounter implements RateLimiter {
     private client: Redis;
 
     /**
-     * Create a new instance of a TokenBucket rate limiter that can be connected to any database store
+     * Create a new instance of a SlidingWindowCounter rate limiter that can be connected to any database store
      * @param windowSize size of each window in milliseconds (fixed and rolling)
      * @param capacity max capacity of tokens allowed per fixed window
      * @param client redis client where rate limiter will cache information
@@ -38,12 +38,37 @@ class SlidingWindowCounter implements RateLimiter {
     }
 
     /**
+     * @function processRequest - Sliding window counter algorithm to allow or block
+     * based on the depth/complexity (in amount of tokens) of incoming requests.
      *
+     * First, checks if a window exists in the redis cache.
+     *
+     * If not, then `fixedWindowStart` is set as the current timestamp, and `currentTokens`
+     * is checked against `capacity`. If enough room exists for the request, returns
+     * success as true and tokens as how many tokens remain in the current fixed window.
+     *
+     * If a window does exist in the cache, we first check if the timestamp is greater than
+     * the fixedWindowStart + windowSize.
+     *
+     * If it isn't then we check the number of tokens in the arguments as well as in the cache
+     * against the capacity and return success or failure from there while updating the cache.
+     *
+     * If the timestamp is over the windowSize beyond the fixedWindowStart, then we update fixedWindowStart
+     * to be fixedWindowStart + windowSize (to create a new fixed window) and
+     * make previousTokens = currentTokens, and currentTokens equal to the number of tokens in args, if
+     * not over capacity.
+     *
+     * Once previousTokens is not null, we then run functionality using the rolling window to compute
+     * the formula this entire limiting algorithm is distinguished by:
+     *
+     * currentTokens + previousTokens * overlap % of rolling window over previous fixed window
      *
      * @param {string} uuid - unique identifer used to throttle requests
      * @param {number} timestamp - time the request was recieved
      * @param {number} [tokens=1]  - complexity of the query for throttling requests
      * @return {*}  {Promise<RateLimiterResponse>}
+     * RateLimiterResponse: {success: boolean, tokens: number}
+     * (tokens represents the remaining available capacity of the window)
      * @memberof SlidingWindowCounter
      */
     async processRequest(
@@ -57,31 +82,90 @@ class SlidingWindowCounter implements RateLimiter {
         // attempt to get the value for the uuid from the redis cache
         const windowJSON = await this.client.get(uuid);
 
-        // // if the response is null, we need to create a window for the user
-        // if (windowJSON === null) {
-        //     // rolling window is 1 minute long
-        //     const rollingWindowEnd = timestamp + 60000;
-
-        //     // grabs the actual minute from the timestamp to create fixed window
-        //     const fixedWindowStart = timestamp - (timestamp % 10000);
-        //     const fixedWindowEnd = fixedWindowStart + 60000;
-
-        //     const newUserWindow: RedisWindow = {
-        //         // conditionally set tokens depending on how many are requested compared to the capacity
-        //         tokens: tokens > this.capacity ? this.capacity : this.capacity - tokens,
-        //         timestamp,
-        //     };
-
-        //     // reject the request, not enough tokens could even be in the bucket
-        //     if (tokens > this.capacity) {
-        //         await this.client.setex(uuid, keyExpiry, JSON.stringify(newUserWindow));
-        //         return { success: false, tokens: this.capacity };
-        //     }
-        //     await this.client.setex(uuid, keyExpiry, JSON.stringify(newUserWindow));
-        //     return { success: true, tokens: newUserWindow.tokens };
-        // }
-
-        return { success: true, tokens: 0 };
+        // if the response is null, we need to create a window for the user
+        if (windowJSON === null) {
+            const newUserWindow: RedisWindow = {
+                // current and previous tokens represent how many tokens are in each window
+                currentTokens: tokens <= this.capacity ? tokens : 0,
+                previousTokens: 0,
+                fixedWindowStart: timestamp,
+            };
+
+            if (tokens <= this.capacity) {
+                await this.client.setex(uuid, keyExpiry, JSON.stringify(newUserWindow));
+                return { success: true, tokens: this.capacity - newUserWindow.currentTokens };
+            }
+
+            await this.client.setex(uuid, keyExpiry, JSON.stringify(newUserWindow));
+            // tokens property represents how much capacity remains
+            return { success: false, tokens: this.capacity };
+        }
+
+        // if the cache is populated
+
+        const window: RedisWindow = await JSON.parse(windowJSON);
+
+        const updatedUserWindow: RedisWindow = {
+            currentTokens: window.currentTokens,
+            previousTokens: window.previousTokens,
+            fixedWindowStart: window.fixedWindowStart,
+        };
+
+        // if request time is in a new window
+        if (window.fixedWindowStart && timestamp >= window.fixedWindowStart + this.windowSize) {
+            // if more than one window was skipped
+            if (timestamp >= window.fixedWindowStart + this.windowSize * 2) {
+                // if one or more windows was skipped, reset new window to be at current timestamp
+                updatedUserWindow.previousTokens = 0;
+                updatedUserWindow.currentTokens = 0;
+                updatedUserWindow.fixedWindowStart = timestamp;
+            } else {
+                updatedUserWindow.previousTokens = updatedUserWindow.currentTokens;
+                updatedUserWindow.currentTokens = 0;
+                updatedUserWindow.fixedWindowStart = window.fixedWindowStart + this.windowSize;
+            }
+        }
+
+        // assigned to avoid TS error, this var will never be used as 0
+        // var is declared here so that below can be inside a conditional for efficiency's sake
+        let rollingWindowProportion = 0;
+        let previousRollingTokens = 0;
+
+        if (updatedUserWindow.fixedWindowStart && updatedUserWindow.previousTokens) {
+            // proportion of rolling window present in previous window
+            rollingWindowProportion =
+                (this.windowSize - (timestamp - updatedUserWindow.fixedWindowStart)) /
+                this.windowSize;
+
+            // remove unecessary decimals, 0.xx is enough
+            // rollingWindowProportion -= rollingWindowProportion % 0.01;
+
+            // # of tokens present in rolling & previous window
+            previousRollingTokens = Math.floor(
+                updatedUserWindow.previousTokens * rollingWindowProportion
+            );
+        }
+
+        // # of tokens present in rolling and/or current window
+        // if previous tokens is null, previousRollingTokens will be 0
+        const rollingTokens = updatedUserWindow.currentTokens + previousRollingTokens;
+
+        // if request is allowed
+        if (tokens + rollingTokens <= this.capacity) {
+            updatedUserWindow.currentTokens += tokens;
+            await this.client.setex(uuid, keyExpiry, JSON.stringify(updatedUserWindow));
+            return {
+                success: true,
+                tokens: this.capacity - (updatedUserWindow.currentTokens + previousRollingTokens),
+            };
+        }
+
+        // if request is blocked
+        await this.client.setex(uuid, keyExpiry, JSON.stringify(updatedUserWindow));
+        return {
+            success: false,
+            tokens: this.capacity - (updatedUserWindow.currentTokens + previousRollingTokens),
+        };
     }
 
     /**