fix: Ignore rate limits for local/loopback IP traffic

When using a proxy in front of the hub you'll get rate limit errors even though the traffic is coming from different IPs. Until we support the `X-Forwarded-For`, this is a quick way to unblock the use of reverse proxies like nginx or Caddy.
farcasterxyz · Sep 25, 2024 · c93bd09 · c93bd09
1 parent 3a24d07
commit c93bd09
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 6 deletions.
diff --git a/.changeset/long-mayflies-march.md b/.changeset/long-mayflies-march.md
@@ -0,0 +1,5 @@
+---
+"@farcaster/hubble": patch
+---
+
+Ignore rate limits for local loopback traffic
diff --git a/apps/hubble/src/rpc/server.ts b/apps/hubble/src/rpc/server.ts
@@ -903,12 +903,14 @@ export default class Server {
           (e) => e,
         )().unwrapOr("unavailable");
 
-        // Check for rate limits
-        const rateLimitResult = await rateLimitByIp(peer, this.submitMessageRateLimiter);
-        if (rateLimitResult.isErr()) {
-          logger.warn({ peer }, "submitMessage rate limited");
-          callback(toServiceError(new HubError("unavailable", "API rate limit exceeded")));
-          return;
+        // Check for rate limits if not local traffic
+        if (!peer.startsWith("127.0.0.1")) {
+          const rateLimitResult = await rateLimitByIp(peer, this.submitMessageRateLimiter);
+          if (rateLimitResult.isErr()) {
+            logger.warn({ peer }, "submitMessage rate limited");
+            callback(toServiceError(new HubError("unavailable", "API rate limit exceeded")));
+            return;
+          }
         }
 
         // Authentication

diff --git a/apps/hubble/src/utils/rateLimits.test.ts b/apps/hubble/src/utils/rateLimits.test.ts
@@ -35,6 +35,13 @@ describe("test rate limits", () => {
     }
   });
 
+  test("don't rate limit local requests", async () => {
+    for (let i = 0; i < 100; i++) {
+      const result = await rateLimitByIp("127.0.0.1:3000", Limit10PerSecond);
+      expect(result.isOk()).toBeTruthy();
+    }
+  });
+
   test("test rate limiting via consumeRateLimit/isRateLimited", async () => {
     // 10 Requests should be fine
     for (let i = 0; i < 10; i++) {