Sterister
96a8c210b2
M-Hard 1: Cryptographic Hardening - constantTimeEqual, zeroize, randomUint32 on CryptoProvider - Fix Math.random() → crypto.randomUint32() for registrationId - Zero message keys and chain keys after use in ratchet.ts - Constant-time trust comparison in MemoryStorage + SQLiteStorage - Timing variance test catches early-exit regressions M-Hard 2: Self-Authenticated Prekey Server - Ed25519 signature verification on all write routes - signPayload/verifyPayload with canonical JSON, ±5 min replay window - Address validation (NFKC, alphanumeric + :_-.) - Global ShadeError → HTTP status mapping - ShadeFetchTransport signs requests when signingPrivateKey provided - Anonymous bundle fetches still allowed (read-only) M-Hard 3: Rate Limiting + DoS Protection - Token bucket rate limiter with pluggable store - Per-route limits: register 5/h/IP, fetch 60/min/IP, replenish 10/min/id - 64KB body size limit on POST - Retry-After header on 429 responses M-Hard 4: Auto-replenish + Fingerprints + Session Reset - Safety numbers (12 groups × 5 digits, Signal-style) - ensurePreKeyStock, resetSession, acceptIdentityChange - verifyRemoteIdentity for out-of-band comparison M-Hard 5: Identity Rotation with Grace Period - rotateIdentity archives old identity, generates fresh signed prekey - RetiredIdentity storage with addRetired/getRetired/pruneRetired - 7-day default grace period for decrypting old sessions - pruneExpiredIdentities for cleanup M-Hard 8: Error Hierarchy - New error types: Network, Storage, Validation, Timeout, RateLimit, Configuration, Unauthorized, Replay, IdentityRotation - All errors have stable SHADE_* codes - errorToHttpStatus for consistent HTTP mapping - toJSON() for network serialization 188 tests passing, zero failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
104 lines
3.0 KiB
TypeScript
104 lines
3.0 KiB
TypeScript
import { RateLimitError } from '@shade/core';
|
|
|
|
/**
|
|
* Simple token-bucket rate limiter with pluggable storage.
|
|
*
|
|
* Default storage is in-memory (Map). For distributed deployments,
|
|
* swap in a Redis-backed RateLimitStore implementation.
|
|
*/
|
|
|
|
export interface RateLimitStore {
|
|
/** Get the current token count and last refill time for a key */
|
|
get(key: string): Promise<{ tokens: number; lastRefill: number } | null>;
|
|
/** Store the current token count and last refill time */
|
|
set(key: string, tokens: number, lastRefill: number): Promise<void>;
|
|
}
|
|
|
|
export class MemoryRateLimitStore implements RateLimitStore {
|
|
private entries = new Map<string, { tokens: number; lastRefill: number }>();
|
|
|
|
async get(key: string) {
|
|
return this.entries.get(key) ?? null;
|
|
}
|
|
|
|
async set(key: string, tokens: number, lastRefill: number) {
|
|
this.entries.set(key, { tokens, lastRefill });
|
|
}
|
|
|
|
/** Periodic cleanup: drop entries older than `maxAge` ms */
|
|
cleanup(maxAge: number) {
|
|
const now = Date.now();
|
|
for (const [key, entry] of this.entries) {
|
|
if (now - entry.lastRefill > maxAge) {
|
|
this.entries.delete(key);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
export interface RateLimitConfig {
|
|
/** Maximum tokens in the bucket (burst capacity) */
|
|
capacity: number;
|
|
/** Tokens added per second */
|
|
refillPerSecond: number;
|
|
}
|
|
|
|
export class RateLimiter {
|
|
constructor(
|
|
private readonly store: RateLimitStore,
|
|
private readonly config: RateLimitConfig,
|
|
) {}
|
|
|
|
/**
|
|
* Attempt to consume one token for the given key.
|
|
* Throws RateLimitError if no tokens available.
|
|
*/
|
|
async consume(key: string, tokens = 1): Promise<void> {
|
|
const now = Date.now();
|
|
const entry = await this.store.get(key);
|
|
|
|
let currentTokens: number;
|
|
if (!entry) {
|
|
currentTokens = this.config.capacity;
|
|
} else {
|
|
const elapsed = (now - entry.lastRefill) / 1000;
|
|
const refilled = elapsed * this.config.refillPerSecond;
|
|
currentTokens = Math.min(this.config.capacity, entry.tokens + refilled);
|
|
}
|
|
|
|
if (currentTokens < tokens) {
|
|
const needed = tokens - currentTokens;
|
|
const retryAfter = Math.ceil(needed / this.config.refillPerSecond);
|
|
throw new RateLimitError(`Rate limit exceeded for ${key}`, retryAfter);
|
|
}
|
|
|
|
await this.store.set(key, currentTokens - tokens, now);
|
|
}
|
|
}
|
|
|
|
// ─── Preset configurations ──────────────────────────────────
|
|
|
|
/** Register: 5 per hour (prevent identity flooding) */
|
|
export const REGISTER_LIMIT: RateLimitConfig = {
|
|
capacity: 5,
|
|
refillPerSecond: 5 / 3600, // 5 per hour
|
|
};
|
|
|
|
/** Fetch bundle: 60 per minute (anonymous, high limit) */
|
|
export const FETCH_LIMIT: RateLimitConfig = {
|
|
capacity: 60,
|
|
refillPerSecond: 1,
|
|
};
|
|
|
|
/** Replenish: 10 per minute per identity */
|
|
export const REPLENISH_LIMIT: RateLimitConfig = {
|
|
capacity: 10,
|
|
refillPerSecond: 10 / 60,
|
|
};
|
|
|
|
/** Delete: 5 per hour per identity */
|
|
export const DELETE_LIMIT: RateLimitConfig = {
|
|
capacity: 5,
|
|
refillPerSecond: 5 / 3600,
|
|
};
|