rate limit (#118)

api/auth_user_handler.go

@@ -30,7 +30,6 @@ func (h *AuthUserHandler) Register(router *mux.Router) {
 	router.HandleFunc("/users/{id}", h.UpdateUser).Methods(http.MethodPut)
 	router.HandleFunc("/signup", h.SignUp).Methods(http.MethodPost)
 	router.HandleFunc("/login", h.Login).Methods(http.MethodPost)
-	router.HandleFunc("/verify", h.verify).Methods(http.MethodPost)
 	router.HandleFunc("/config", h.configHandler).Methods(http.MethodPost)
 	// rate limit handler
 	router.HandleFunc("/admin/rate_limit", h.UpdateRateLimit).Methods(http.MethodPost)

api/middleware_authenticate.go

@@ -48,9 +48,14 @@ const (
 )
 
 func IsAuthorizedMiddleware(handler http.Handler) http.Handler {
+	noAuthPaths := map[string]bool{
+		"/":       true,
+		"/login":  true,
+		"/signup": true,
+	}
 	jwtSigningKey := []byte(jwtSecretAndAud.Secret)
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path == "/" || r.URL.Path == "/verify" || r.URL.Path == "/login" || r.URL.Path == "/signup" || strings.HasPrefix(r.URL.Path, "/static") {
+		if _, ok := noAuthPaths[r.URL.Path]; ok || strings.HasPrefix(r.URL.Path, "/static") {
 			handler.ServeHTTP(w, r)
 			return
 		}
@@ -113,3 +118,4 @@ func IsAuthorizedMiddleware(handler http.Handler) http.Handler {
 		}
 	})
 }
+

api/middleware_rateLimit.go

@@ -1,10 +1,7 @@
 package main
 
 import (
-	"database/sql"
-	"errors"
 	"net/http"
-	"strconv"
 
 	"github.com/rotisserie/eris"
 	"github.com/swuecho/chat_backend/sqlc_queries"
@@ -14,13 +11,15 @@ import (
 func RateLimitByUserID(q *sqlc_queries.Queries) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+
 			// Get the user ID from the request, e.g. from a JWT token.
 			if r.URL.Path == "/chat" || r.URL.Path == "/chat_stream" {
 				ctx := r.Context()
-				userIDStr := ctx.Value(userContextKey).(string)
-				userIDInt, err := strconv.Atoi(userIDStr)
+				userIDInt, err := getUserID(ctx)
+				// role := ctx.Value(roleContextKey).(string)
+
 				if err != nil {
-					http.Error(w, "Error: '"+userIDStr+"' is not a valid user ID. Please enter a valid user ID.", http.StatusBadRequest)
+					RespondWithError(w, http.StatusUnauthorized, "no user", err)
 					return
 				}
 				messageCount, err := q.GetChatMessagesCount(r.Context(), int32(userIDInt))
@@ -30,12 +29,7 @@ func RateLimitByUserID(q *sqlc_queries.Queries) func(http.Handler) http.Handler
 				}
 				maxRate, err := q.GetRateLimit(r.Context(), int32(userIDInt))
 				if err != nil {
-					if errors.Is(err, sql.ErrNoRows) {
-						maxRate = int32(appConfig.OPENAI.RATELIMIT)
-					} else {
-						http.Error(w, "Could not get rate limit.", http.StatusInternalServerError)
-						return
-					}
+					maxRate = int32(appConfig.OPENAI.RATELIMIT)
 				}
 
 				if messageCount >= int64(maxRate) {

api/sqlc/queries/auth_user_management.sql

@@ -1,6 +1,7 @@
 -- name: GetRateLimit :one
 -- GetRateLimit retrieves the rate limit for a user from the auth_user_management table.
 -- If no rate limit is set for the user, it returns the default rate limit of 100.
-SELECT COALESCE(rate_limit, 100) AS rate_limit
+SELECT rate_limit AS rate_limit
 FROM auth_user_management
 WHERE user_id = $1;
+

web/src/api/index.ts

@@ -77,17 +77,6 @@ export function fetchChatAPIProcess<T>(
   })
 }
 
-export async function fetchVerify(token: string) {
-  try {
-    const response = await request.post('/verify', { token })
-    return response.data
-  }
-  catch (error) {
-    console.error(error)
-    throw error
-  }
-}
-
 export async function fetchLogin(email: string, password: string) {
   try {
     const response = await request.post('/login', { email, password })