Jus*_*uer 5 heroku node.js express
我有这段代码在本地主机上运行(发送没有问题,只有express-rate-limit),但是当我将其部署/推送到我的heroku应用程序并执行发布请求时,它超出了最大限制3。
const router = require('express').Router();
const nodemailer = require('nodemailer');
const rateLimit = require("express-rate-limit");
const apiLimit = rateLimit({
windowMs: 24 * 60 * 60 * 1000, // 24 hrs
max: 3, // limit each IP to 3 requests per windowMs
message: "Spam detected!"
});
router.route('/').post(apiLimit,(req, res) => {
const transport = nodemailer.createTransport({
service: 'gmail',
host : "smtp.gmail.com",
port : "465",
ssl : true,
auth: {
user: process.env.USER,
pass: process.env.PASS
}
});
const mailOptions = {
from: '',
to: '<myemail>',
subject: req.body.subject,
text: "FROM: "+ req.body.email + " MESSAGE: " + req.body.message
};
transport.sendMail(mailOptions, (err, info) => {
err ? res.json(res.status(400).json("Error " + err)) : res.json("Email sent.");
});
});
module.exports = router ;
在本地主机上提供服务是有效的,当我请求超过 3 倍时,它会返回检测到的垃圾邮件消息,并且不再发送邮件。当我在 vscode 上使用rest api 扩展时,这会显示。X-Ratelimit-Remaining: 2如果我再做一些发布请求,则不会改变。
HTTP/1.1 200 OK
Server: Cowboy
Connection: close
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Ratelimit-Limit: 3
X-Ratelimit-Remaining: 2
Date: Sun, 21 Jun 2020 03:09:11 GMT
X-Ratelimit-Reset: 1592793933
Content-Type: application/json; charset=utf-8
Content-Length: 13
Etag: W/"d-EBrE0f9LbjD0DZTwvOVLMa8Lqo8"
Via: 1.1 vegur
"Email sent."
jfr*_*d00 11
当您在heroku上运行express-rate-limit模块时,它似乎没有为客户端获取正确的IP地址?也许是因为 heroku 在你的服务器前面使用代理?
// Enable if you're behind a reverse proxy (Heroku, Bluemix, AWS ELB, Nginx, etc)
// see https://expressjs.com/en/guide/behind-proxies.html
// app.set('trust proxy', 1);
所以,看起来您可能需要:
app.set('trust proxy', 1);
这将导致req.ip和req.ips值被填充为来自 X-Forwarded-For 标头的地址列表,这可能是express-rate-limiter 在代理后面运行时所需要的。