Implement POST request rate limiting (#490)

* Initial work for rate limiting * Refactor GameServerStartup and change default rate limit config * Adjust config naming and add Enabled option to global and override rate limits * Fix LBP3 republish bug * Fix bugs in rate limiting and allow for multiple matched overrides * Add this qualifier for private variable * Changes from self review
2025-05-15 22:22:27 +00:00 · 2022-09-24 17:18:28 -05:00 · 2022-09-24 17:18:28 -05:00 · 3ad211e5c8
commit 3ad211e5c8
parent 110d81f117
16 changed files with 451 additions and 206 deletions
--- a/ProjectLighthouse.Servers.API/Controllers/UserEndpoints.cs
+++ b/ProjectLighthouse.Servers.API/Controllers/UserEndpoints.cs
@ -59,29 +59,27 @@ public class UserEndpoints : ApiEndpointController
    [HttpPost("user/inviteToken")]
    public async Task<IActionResult> CreateUserInviteToken()
    {
-        if (Configuration.ServerConfiguration.Instance.Authentication.PrivateRegistration ||
-            Configuration.ServerConfiguration.Instance.Authentication.RegistrationEnabled)
+        if (!Configuration.ServerConfiguration.Instance.Authentication.PrivateRegistration &&
+            !Configuration.ServerConfiguration.Instance.Authentication.RegistrationEnabled)
+            return this.NotFound();
+
+        string authHeader = this.Request.Headers["Authorization"];
+        if (string.IsNullOrWhiteSpace(authHeader)) return this.NotFound();
+
+        string authToken = authHeader[(authHeader.IndexOf(' ') + 1)..];
+
+        APIKey? apiKey = await this.database.APIKeys.FirstOrDefaultAsync(k => k.Key == authToken);
+        if (apiKey == null) return this.StatusCode(403, null);
+
+        RegistrationToken token = new()
        {
+            Created = DateTime.Now,
+            Token = CryptoHelper.GenerateAuthToken(),
+        };

-            string authHeader = this.Request.Headers["Authorization"];
-            if (!string.IsNullOrWhiteSpace(authHeader))
-            {
-                string authToken = authHeader.Substring(authHeader.IndexOf(' ') + 1);
+        this.database.RegistrationTokens.Add(token);
+        await this.database.SaveChangesAsync();

-                APIKey? apiKey = await this.database.APIKeys.FirstOrDefaultAsync(k => k.Key == authToken);
-                if (apiKey == null) return this.StatusCode(403, null);
-
-                RegistrationToken token = new();
-                token.Created = DateTime.Now;
-                token.Token = CryptoHelper.GenerateAuthToken();
-
-                this.database.RegistrationTokens.Add(token);
-                await this.database.SaveChangesAsync();
-
-                return Ok(token.Token);
-            }
-
-        }
-        return this.NotFound();
+        return this.Ok(token.Token);
    }
 }