merge conflicts resolved

Author: jondeweydev

package.json

@@ -5,11 +5,12 @@
     "main": "index.js",
     "type": "module",
     "scripts": {
-        "test": "jest --passWithNoTests --coverage",
+        "test": "jest --passWithNoTests --coverage --detectOpenHandles",
         "lint": "eslint src test",
         "lint:fix": "eslint --fix src test @types",
         "prettier": "prettier --write .",
-        "prepare": "husky install"
+        "prepare": "husky install",
+        "build": "tsc"
     },
     "repository": {
         "type": "git",

src/@types/rateLimit.d.ts

@@ -16,17 +16,20 @@ export interface RateLimiter {
 export interface RateLimiterResponse {
     success: boolean;
     tokens: number;
+    retryAfter?: number;
 }
 
 export interface RedisBucket {
     tokens: number;
     timestamp: number;
 }
 
-export interface RedisWindow {
+export interface FixedWindow {
     currentTokens: number;
+    fixedWindowStart: number;
+}
+export interface RedisWindow extends FixedWindow {
     previousTokens: number;
-    fixedWindowStart?: number;
 }
 
 export type RedisLog = RedisBucket[];
@@ -48,18 +51,15 @@ export interface TokenBucketOptions {
 }
 
 /**
- * @type {number} windowSize - Size of each fixed window and the rolling window
- * @type {number} capacity - Number of tokens a window can hold
+ * @type {number} windowSize - size of the window in milliseconds
+ * @type {number} capacity - max number of tokens that can be used in the bucket
  */
-export interface SlidingWindowCounterOptions {
+export interface WindowOptions {
     windowSize: number;
     capacity: number;
 }
 
 // TODO: This will be a union type where we can specify Option types for other Rate Limiters
-// Record<string, never> represents the empty object for alogorithms that don't require settings
+// Record<string, never> represents the empty object for algorithms that don't require settings
 // and might be able to be removed in the future.
-export type RateLimiterOptions =
-    | TokenBucketOptions
-    | SlidingWindowCounterOptions
-    | Record<string, never>;
+export type RateLimiterOptions = TokenBucketOptions | Record<string, never>;

src/analysis/buildTypeWeights.ts

@@ -13,11 +13,12 @@ import {
     isObjectType,
     isScalarType,
     isUnionType,
+    isInputType,
     Kind,
     ValueNode,
     GraphQLUnionType,
     GraphQLFieldMap,
-    GraphQLDirective,
+    isInputObjectType,
 } from 'graphql';
 import { ObjMap } from 'graphql/jsutils/ObjMap';
 import { GraphQLSchema } from 'graphql/type/schema';
@@ -81,11 +82,9 @@ function parseObjectFields(
     // Iterate through the fields and add the required data to the result
     Object.keys(fields).forEach((field: string) => {
         // The GraphQL type that this field represents
-        const fieldType: GraphQLOutputType = fields[field].type;
-        if (
-            isScalarType(fieldType) ||
-            (isNonNullType(fieldType) && isScalarType(fieldType.ofType))
-        ) {
+        let fieldType: GraphQLOutputType = fields[field].type;
+        if (isNonNullType(fieldType)) fieldType = fieldType.ofType;
+        if (isScalarType(fieldType)) {
             result.fields[field] = {
                 weight: typeWeights.scalar,
                 // resolveTo: fields[field].name.toLowerCase(),
@@ -101,7 +100,8 @@ function parseObjectFields(
             };
         } else if (isListType(fieldType)) {
             // 'listType' is the GraphQL type that the list resolves to
-            const listType = fieldType.ofType;
+            let listType = fieldType.ofType;
+            if (isNonNullType(listType)) listType = listType.ofType;
             if (isScalarType(listType) && typeWeights.scalar === 0) {
                 // list won't compound if weight is zero
                 result.fields[field] = {
@@ -135,9 +135,7 @@ function parseObjectFields(
                 // if no directive is supplied to list field
                 fields[field].args.forEach((arg: GraphQLArgument) => {
                     // If field has an argument matching one of the limiting keywords and resolves to a list
-                    // then the weight of the field should be dependent on both the weight of the
-                    // resolved type and the limiting argument.
-                    // FIXME: Can nonnull wrap list types?
+                    // then the weight of the field should be dependent on both the weight of the resolved type and the limiting argument.
                     if (KEYWORDS.includes(arg.name)) {
                         // Get the type that comprises the list
                         result.fields[field] = {
@@ -207,6 +205,7 @@ function compareTypes(a: GraphQLOutputType, b: GraphQLOutputType): boolean {
     return (
         (isObjectType(b) && isObjectType(a) && a.name === b.name) ||
         (isUnionType(b) && isUnionType(a) && a.name === b.name) ||
+        (isEnumType(b) && isEnumType(a) && a.name === b.name) ||
         (isInterfaceType(b) && isInterfaceType(a) && a.name === b.name) ||
         (isScalarType(b) && isScalarType(a) && a.name === b.name) ||
         (isListType(b) && isListType(a) && compareTypes(b.ofType, a.ofType)) ||
@@ -313,24 +312,26 @@ function parseUnionTypes(
              *   c. objects have a resolveTo type.
              *  */
 
-            const current = commonFields[field].type;
+            let current = commonFields[field].type;
+            if (isNonNullType(current)) current = current.ofType;
             if (isScalarType(current)) {
                 fieldTypes[field] = {
                     weight: commonFields[field].weight,
                 };
-            } else if (isObjectType(current) || isInterfaceType(current) || isUnionType(current)) {
+            } else if (
+                isObjectType(current) ||
+                isInterfaceType(current) ||
+                isUnionType(current) ||
+                isEnumType(current)
+            ) {
                 fieldTypes[field] = {
                     resolveTo: commonFields[field].resolveTo,
-                    weight: typeWeights.object,
                 };
             } else if (isListType(current)) {
                 fieldTypes[field] = {
                     resolveTo: commonFields[field].resolveTo,
                     weight: commonFields[field].weight,
                 };
-            } else if (isNonNullType(current)) {
-                throw new Error('non null types not supported on unions');
-                // TODO: also a recursive data structure
             } else {
                 throw new Error('Unhandled union type. Should never get here');
             }
@@ -374,7 +375,7 @@ function parseTypes(schema: GraphQLSchema, typeWeights: TypeWeightSet): TypeWeig
                 };
             } else if (isUnionType(currentType)) {
                 unions.push(currentType);
-            } else if (!isScalarType(currentType)) {
+            } else if (!isScalarType(currentType) && !isInputObjectType(currentType)) {
                 throw new Error(`ERROR: buildTypeWeight: Unsupported type: ${currentType}`);
             }
         }

src/middleware/index.ts

@@ -1,13 +1,16 @@
-import Redis, { RedisOptions } from 'ioredis';
+import EventEmitter from 'events';
+
 import { parse, validate } from 'graphql';
+import { RedisOptions } from 'ioredis';
 import { GraphQLSchema } from 'graphql/type/schema';
 import { Request, Response, NextFunction, RequestHandler } from 'express';
 
 import buildTypeWeightsFromSchema, { defaultTypeWeightsConfig } from '../analysis/buildTypeWeights';
 import setupRateLimiter from './rateLimiterSetup';
 import getQueryTypeComplexity from '../analysis/typeComplexityAnalysis';
-import { RateLimiterOptions, RateLimiterSelection } from '../@types/rateLimit';
+import { RateLimiterOptions, RateLimiterSelection, RateLimiterResponse } from '../@types/rateLimit';
 import { TypeWeightConfig } from '../@types/buildTypeWeights';
+import { connect } from '../utils/redis';
 
 // FIXME: Will the developer be responsible for first parsing the schema from a file?
 // Can consider accepting a string representing a the filepath to a schema
@@ -39,11 +42,72 @@ export function expressRateLimiter(
      */
     // TODO: Throw ValidationError if schema is invalid
     const typeWeightObject = buildTypeWeightsFromSchema(schema, typeWeightConfig);
+
     // TODO: Throw error if connection is unsuccessful
-    const redisClient = new Redis(redisClientOptions); // Default port is 6379 automatically
+    const redisClient = connect(redisClientOptions); // Default port is 6379 automatically
     const rateLimiter = setupRateLimiter(rateLimiterAlgo, rateLimiterOptions, redisClient);
 
-    // return the rate limiting middleware
+    // stores request IDs to be processed
+    const requestQueue: { [index: string]: string[] } = {};
+
+    // Manages processing of event queue
+    const requestEvents = new EventEmitter();
+
+    // Resolves the promise created by throttledProcess
+    async function processRequestResolver(
+        userId: string,
+        timestamp: number,
+        tokens: number,
+        resolve: (value: RateLimiterResponse | PromiseLike<RateLimiterResponse>) => void,
+        reject: (reason: any) => void
+    ) {
+        try {
+            const response = await rateLimiter.processRequest(userId, timestamp, tokens);
+            requestQueue[userId] = requestQueue[userId].slice(1);
+            // trigger the next event
+            resolve(response);
+            requestEvents.emit(requestQueue[userId][0]);
+            if (requestQueue[userId].length === 0) delete requestQueue[userId];
+        } catch (err) {
+            reject(err);
+        }
+    }
+
+    /**
+     * Throttle rateLimiter.processRequest based on user IP to prevent inaccurate redis reads
+     * Throttling is based on a event driven promise fulfillment approach.
+     * Each time a request is received a promise is added to the user's request queue. The promise "subscribes"
+     * to the previous request in the user's queue then calls processRequest and resolves once the previous request
+     * is complete.
+     * @param userId
+     * @param timestamp
+     * @param tokens
+     * @returns
+     */
+    async function throttledProcess(
+        userId: string,
+        timestamp: number,
+        tokens: number
+    ): Promise<RateLimiterResponse> {
+        // Alternatively use crypto.randomUUID() to generate a random uuid
+        const requestId = `${timestamp}${tokens}`;
+
+        if (!requestQueue[userId]) {
+            requestQueue[userId] = [];
+        }
+        requestQueue[userId].push(requestId);
+
+        return new Promise((resolve, reject) => {
+            if (requestQueue[userId].length > 1) {
+                requestEvents.once(requestId, async () => {
+                    await processRequestResolver(userId, timestamp, tokens, resolve, reject);
+                });
+            } else {
+                processRequestResolver(userId, timestamp, tokens, resolve, reject);
+            }
+        });
+    }
+
     return async (
         req: Request,
         res: Response,
@@ -57,7 +121,7 @@ export function expressRateLimiter(
             return next();
         }
         /**
-         * There are numorous ways to get the ip address off of the request object.
+         * There are numerous ways to get the ip address off of the request object.
          * - the header 'x-forward-for' will hold the originating ip address if a proxy is placed infront of the server. This would be commen for a production build.
          * - req.ips wwill hold an array of ip addresses in'x-forward-for' header. client is likely at index zero
          * - req.ip will have the ip address
@@ -66,7 +130,7 @@ export function expressRateLimiter(
          * req.ip and req.ips will worx in express but not with other frameworks
          */
         // check for a proxied ip address before using the ip address on request
-        const ip: string = req.ips[0] || req.ip;
+        const ip: string = req.ips ? req.ips[0] : req.ip;
 
         // FIXME: this will only work with type complexity
         const queryAST = parse(query);
@@ -80,9 +144,9 @@ export function expressRateLimiter(
 
         const queryComplexity = getQueryTypeComplexity(queryAST, variables, typeWeightObject);
         try {
-            // process the request and conditinoally respond to client with status code 429 o
-            // r pass the request onto the next middleware function
-            const rateLimiterResponse = await rateLimiter.processRequest(
+            // process the request and conditinoally respond to client with status code 429 or
+            // pass the request onto the next middleware function
+            const rateLimiterResponse = await throttledProcess(
                 ip,
                 requestTimestamp,
                 queryComplexity

src/middleware/rateLimiterSetup.ts

@@ -1,6 +1,5 @@
 import Redis from 'ioredis';
-import { RateLimiterOptions, RateLimiterSelection, TokenBucketOptions } from '../@types/rateLimit';
-import SlidingWindowCounter from '../rateLimiters/slidingWindowCounter';
+import { RateLimiterOptions, RateLimiterSelection } from '../@types/rateLimit';
 import TokenBucket from '../rateLimiters/tokenBucket';
 
 /**
@@ -26,13 +25,12 @@ export default function setupRateLimiter(
             break;
         case 'LEAKY_BUCKET':
             throw new Error('Leaky Bucket algonithm has not be implemented.');
-            break;
         case 'FIXED_WINDOW':
             throw new Error('Fixed Window algonithm has not be implemented.');
-            break;
         case 'SLIDING_WINDOW_LOG':
-            throw new Error('Sliding Window Log has not be implemented.');
-            break;
+            // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+            // @ts-ignore
+            return new SlidingWindowLog(options.windowSize, options.capacity, client);
         case 'SLIDING_WINDOW_COUNTER':
             // eslint-disable-next-line @typescript-eslint/ban-ts-comment
             // @ts-ignore
@@ -41,6 +39,5 @@ export default function setupRateLimiter(
         default:
             // typescript should never let us invoke this function with anything other than the options above
             throw new Error('Selected rate limiting algorithm is not suppported');
-            break;
     }
 }