Blacklisting and rate limiting

2025-01-20 18:48:52 +00:00 · 2017-04-05 09:29:21 +02:00 · 2017-04-05 09:29:21 +02:00 · 47e716ec11
commit 47e716ec11
parent 8aad4cafae
1 changed files with 23 additions and 1 deletions
--- a/index.js
+++ b/index.js
@ -16,21 +16,43 @@ var express = require('express')

 app.use(cors());

+const blacklistedAddresses = [
+  '0xB48EBFecCb8b3b46917EaC14070a94CAD8AC4d14',
+].map(x => x.toLowerCase())
+
+let blacklistedIPs = []
+
+let nextRequest = {}
+
 app.get('/address/:address', function(req, res, next){
+  const to = req.params.address
+  const ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress
+
+  if (blacklistedIPs.indexOf(ip) > -1 || blacklistedAddresses.indexOf(to.toLowerCase()) > -1) {
+    blacklistedIPs.push(ip)
+    console.log('blacklisted ip', ip)
+    return res.status(500).json({ error: "Abuser IP detected.", message: "DDOSing and abusing non documented APIs is a considered a crime. We are just making a public service here.", moreInfo: "https://www.fbi.gov/investigate/cyber"})
+  }
+
+  if (nextRequest[to] > +new Date()) {
+    return res.status(500).json({ error: "This resource is rate limited. Try again later" })
+  }
+
  eth.getTransactionCount(address, (err, nonce) => {
    eth.sendTransaction({
      from: address,
-      to: req.params.address,
      gas: 100000,
      value: (parseFloat(process.env.AMOUNT) || 1.5) * 1e18,
      data: '0xde5f72fd', // sha3('faucet()')
      nonce,
+      to,
    }, (err, txID) => {
      if (err) {
        console.log('Request failed', err)
        return res.status(500).json(err)
      }
      else {
+        nextRequest[to] = +new Date() + 1000 * 60 * 20 // in 20 mins
        console.log('Successful request:', txID)
        res.json({ txID })
      }