From c93bd09967dbefd22cd77086610efaf2528f48b3 Mon Sep 17 00:00:00 2001
From: Shane da Silva <shane@dasilva.io>
Date: Wed, 25 Sep 2024 09:59:56 -0700
Subject: [PATCH] fix: Ignore rate limits for local/loopback IP traffic

When using a proxy in front of the hub you'll get rate limit errors even
though the traffic is coming from different IPs.

Until we support the `X-Forwarded-For`, this is a quick way to unblock
the use of reverse proxies like nginx or Caddy.
---
 .changeset/long-mayflies-march.md        |  5 +++++
 apps/hubble/src/rpc/server.ts            | 14 ++++++++------
 apps/hubble/src/utils/rateLimits.test.ts |  7 +++++++
 3 files changed, 20 insertions(+), 6 deletions(-)
 create mode 100644 .changeset/long-mayflies-march.md

diff --git a/.changeset/long-mayflies-march.md b/.changeset/long-mayflies-march.md
new file mode 100644
index 0000000000..e6bc4e9408
--- /dev/null
+++ b/.changeset/long-mayflies-march.md
@@ -0,0 +1,5 @@
+---
+"@farcaster/hubble": patch
+---
+
+Ignore rate limits for local loopback traffic
diff --git a/apps/hubble/src/rpc/server.ts b/apps/hubble/src/rpc/server.ts
index 13d63038e0..7601900cf4 100644
--- a/apps/hubble/src/rpc/server.ts
+++ b/apps/hubble/src/rpc/server.ts
@@ -903,12 +903,14 @@ export default class Server {
           (e) => e,
         )().unwrapOr("unavailable");
 
-        // Check for rate limits
-        const rateLimitResult = await rateLimitByIp(peer, this.submitMessageRateLimiter);
-        if (rateLimitResult.isErr()) {
-          logger.warn({ peer }, "submitMessage rate limited");
-          callback(toServiceError(new HubError("unavailable", "API rate limit exceeded")));
-          return;
+        // Check for rate limits if not local traffic
+        if (!peer.startsWith("127.0.0.1")) {
+          const rateLimitResult = await rateLimitByIp(peer, this.submitMessageRateLimiter);
+          if (rateLimitResult.isErr()) {
+            logger.warn({ peer }, "submitMessage rate limited");
+            callback(toServiceError(new HubError("unavailable", "API rate limit exceeded")));
+            return;
+          }
         }
 
         // Authentication
diff --git a/apps/hubble/src/utils/rateLimits.test.ts b/apps/hubble/src/utils/rateLimits.test.ts
index 5fb18f7a17..26c2c25d91 100644
--- a/apps/hubble/src/utils/rateLimits.test.ts
+++ b/apps/hubble/src/utils/rateLimits.test.ts
@@ -35,6 +35,13 @@ describe("test rate limits", () => {
     }
   });
 
+  test("don't rate limit local requests", async () => {
+    for (let i = 0; i < 100; i++) {
+      const result = await rateLimitByIp("127.0.0.1:3000", Limit10PerSecond);
+      expect(result.isOk()).toBeTruthy();
+    }
+  });
+
   test("test rate limiting via consumeRateLimit/isRateLimited", async () => {
     // 10 Requests should be fine
     for (let i = 0; i < 10; i++) {