Merge branch 'fix/geolocation_api_rate-limit' into 'master'

geolocation api rate-limit See merge request les/gancio!23
2023-01-26 21:03:00 +00:00
parent 1ce7e693c5 dea4138049
commit 0c6227ee9a
7 changed files with 199 additions and 48 deletions
--- a/server/api/controller/geocoding.js
+++ b/server/api/controller/geocoding.js
@@ -0,0 +1,132 @@
+const rateLimit = require('express-rate-limit');
+const log = require('../../log')
+const nominatim = require('../../services/geocoding/nominatim')
+const photon = require('../../services/geocoding/photon')
+const axios = require('axios')
+const { version } = require('../../../package.json')
+let d = 0 // departure time
+let h = 0 // hit geocoding provider time (aka Latency)
+
+const geocodingController = {
+  /**
+   * TODO: replace/merge with a general 'instance rate-limiter' or 'instance api-related rate-limiter' when this will be defined
+   */  
+  instanceApiRateLimiter: rateLimit({
+    windowMs: 15 * 60 * 1000, // 15 minutes
+    max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
+    standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
+    legacyHeaders: false, // Disable the `X-RateLimit-*` headers
+  }),
+
+  /** 
+   * Limit provider api usage.
+   * From https://operations.osmfoundation.org/policies/nominatim/
+   * [Requirements] No heavy uses (an absolute maximum of 1 request per second).
+   * [Websites and Apps] 
+   * - Note that the usage limits above apply per website/application: the sum of traffic by all your users should not exceed the limits.
+   * - If at all possible, set up a proxy and also enable caching of requests. 
+   */
+  providerRateLimit (req, res, next, providerCache) {
+    let a = Date.now(); // arrival time
+    let dprev = d
+    d = dprev + 1000 + h
+
+    // console.log('a: ' + a)
+    // console.log('dprev: ' + dprev)
+    // console.log('d: ' + d)
+
+    // if the same request was already cached skip the delay mechanism
+    if (providerCache.get(req.params.place_details)) {
+      if (a < d) {
+        log.warn('More than 1 request per second to geocoding api. This from ' + req.ip + ' . The response data is served from memory-cache.')
+      }
+      // reset departure time because there is no need to ask provider
+      d = dprev
+      return next()
+    }
+
+    if (d === 0 || a > d) {
+      // no-queue or old-queue
+      // console.log('No queue or Old queue')
+      // arrival time + 10ms estimated computing time
+      d = a + 10 
+      next()
+    } else {
+      // fresh queue
+      // console.log('Fresh queue')
+      let wait = d - a
+      // console.log('Waiting '+ wait)
+      log.warn('More than 1 request per second to geocoding api. This from ' + req.ip + ' . Applying ToS padding before asking to provider. The response data is now cached.')
+      
+      setTimeout(() => {
+        next()
+      }, wait)
+    }
+    
+  },
+
+  async nominatimRateLimit(req, res, next) {
+    geocodingController.providerRateLimit(req, res, next, nominatim.cache)
+  },
+
+  async photonRateLimit(req, res, next) {
+    geocodingController.providerRateLimit(req, res, next, photon.cache)
+  },
+
+  async checkInCache (req, res, details, providerCache) {
+    const ret = await providerCache.get(details)
+    if (ret) {
+      return ret
+    } else {
+      return
+    }
+  },
+
+  async queryProvider(req, res, details, provider) {
+    let RTTstart = Date.now()
+    // console.log('Asking Provider: ' + RTTstart)
+
+    const ret = await axios.get(`${provider.endpoint(req, res)}`, { 
+      params: provider.getParams(req, res),
+      headers: { 'User-Agent': `gancio ${version}` }
+    })
+
+    if (ret) {
+      let RTTend = Date.now()
+      // console.log('Asking Provider: ' + RTTend)
+      // Save the hit time (aka Latency)
+      // console.log('Saving latency h: ' + h)
+      h = (RTTend - RTTstart) / 2
+    }
+
+    // Cache the response data
+    provider.cache.put(details, ret.data, 1000 * 60 * 60 * 24);
+    // console.log(cache.keys())
+    // console.log(cache.exportJson())
+    return ret.data
+  },
+
+
+  async _nominatim (req, res) {
+    const details = req.params.place_details
+
+    const ret = await geocodingController.checkInCache(req, res, details, nominatim.cache) ||
+      await geocodingController.queryProvider(req, res, details, nominatim)
+
+    return res.json(ret)
+
+  },
+
+  async _photon (req, res) {
+    const details = req.params.place_details
+
+    const ret = await geocodingController.checkInCache(req, res, details, photon.cache) ||
+      await geocodingController.queryProvider(req, res, details, photon)
+
+    return res.json(ret)
+
+  },
+
+}
+
+module.exports = geocodingController
--- a/server/api/controller/place.js
+++ b/server/api/controller/place.js
@@ -7,9 +7,6 @@ const { version } = require('../../../package.json')

 const log = require('../../log')
 const { Op, where, col, fn, cast } = require('sequelize')
-const NOMINATIM_URL = 'https://nominatim.openstreetmap.org/search'
-const PHOTON_URL = 'https://photon.komoot.io/api/'
-const axios = require('axios')

 module.exports = {

@@ -75,45 +72,6 @@ module.exports = {

    // TOFIX: don't know why limit does not work
    return res.json(places.slice(0, 10))
-  },
-
-  async _nominatim (req, res) {
-    const details = req.params.place_details
-    const countrycodes = res.locals.settings.geocoding_countrycodes || []
-    const geocoding_provider = res.locals.settings.geocoding_provider || NOMINATIM_URL
-    // ?limit=3&format=json&namedetails=1&addressdetails=1&q=
-
-    const ret = await axios.get(`${geocoding_provider}`, {
-      params: {
-        countrycodes: countrycodes.join(','),
-        q: details,
-        limit: 3,
-        format: 'json',
-        addressdetails: 1,
-        namedetails: 1,
-      },
-      headers: { 'User-Agent': `gancio ${version}` }
-    })
-
-    return res.json(ret.data)
-
-  },
-
-  async _photon (req, res) {
-    const details = req.params.place_details
-    const geocoding_provider = res.locals.settings.geocoding_provider || PHOTON_URL
-
-    const ret = await axios.get(`${geocoding_provider}`, {
-      params: {
-        q: details,
-        limit: 3,
-      },
-      headers: { 'User-Agent': `gancio ${version}` }
-    })
-
-    // console.log(ret)
-    return res.json(ret.data)
-
-  },
+  }

 }
--- a/server/api/index.js
+++ b/server/api/index.js
@@ -19,6 +19,7 @@ const resourceController = require('./controller/resource')
 const oauthController = require('./controller/oauth')
 const announceController = require('./controller/announce')
 const pluginController = require('./controller/plugins')
+const geocodingController = require('./controller/geocoding')
 const helpers = require('../helpers')
 const storage = require('./storage')

@@ -65,7 +66,6 @@ module.exports = () => {
    api.get('/ping', (_req, res) => res.sendStatus(200))
    api.get('/user', isAuth, (req, res) => res.json(req.user))
  
-  
    api.post('/user/recover', userController.forgotPassword)
    api.post('/user/check_recover_code', userController.checkRecoverCode)
    api.post('/user/recover_password', userController.updatePasswordWithRecoverCode)
@@ -173,8 +173,8 @@ module.exports = () => {
    api.put('/place', isAdmin, placeController.updatePlace)

    // - GEOCODING
-    api.get('/placeOSM/Nominatim/:place_details', helpers.isGeocodingEnabled, placeController._nominatim)
-    api.get('/placeOSM/Photon/:place_details', helpers.isGeocodingEnabled, placeController._photon)
+    api.get('/placeOSM/Nominatim/:place_details', helpers.isGeocodingEnabled, geocodingController.instanceApiRateLimiter, geocodingController.nominatimRateLimit, geocodingController._nominatim)
+    api.get('/placeOSM/Photon/:place_details', helpers.isGeocodingEnabled, geocodingController.instanceApiRateLimiter, geocodingController.photonRateLimit, geocodingController._photon)
  
    // - TAGS
    api.get('/tags', isAdmin, tagController.getAll)
--- a/server/services/geocoding/nominatim.js
+++ b/server/services/geocoding/nominatim.js
@@ -0,0 +1,28 @@
+const cache = require('memory-cache')
+const providerCache = new cache.Cache()
+
+const nominatim = {
+  commonName: 'Nominatim',
+  DEFAULT_ENDPOINT: 'https://nominatim.openstreetmap.org/search',
+  endpoint: (req, res) => { 
+    return res.locals.settings.geocoding_provider || nominatim.DEFAULT_ENDPOINT
+  },
+  cache: providerCache,
+
+  getParams (req, res) {
+    const countrycodes = res.locals.settings.geocoding_countrycodes || []
+    const details = req.params.place_details
+
+    return {
+      countrycodes: countrycodes.join(','),
+      q: details,
+      limit: 3,
+      format: 'json',
+      addressdetails: 1,
+      namedetails: 1,
+    }
+  },
+
+}
+
+module.exports = nominatim
--- a/server/services/geocoding/photon.js
+++ b/server/services/geocoding/photon.js
@@ -0,0 +1,23 @@
+const cache = require('memory-cache')
+const providerCache = new cache.Cache()
+
+const photon = {
+  commonName: 'Photon',
+  DEFAULT_ENDPOINT: 'https://photon.komoot.io/api/',
+  endpoint: (req, res) => {
+    return res.locals.settings.geocoding_provider || photon.DEFAULT_ENDPOINT
+  },
+  cache: providerCache,
+
+  getParams (req, res) {
+    const details = req.params.place_details
+
+    return {
+      q: details,
+      limit: 3,
+    }
+  }
+
+}
+
+module.exports = photon