@berlingske-media/bm.node-module.gateway_jwt/lib/wrappers/rateLimit.js

AuthGateway JWT verification library based on public JWKS endpoint

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.rateLimitWrapper = void 0;
const tslib_1 = require("tslib");
const limiter_1 = require("limiter");
const errors_1 = require("../errors");
function rateLimitWrapper(client, { jwksRequestsPerMinute = 10 }) {
    const getSigningKey = client.getSigningKey.bind(client);
    const limiter = new limiter_1.RateLimiter({
        tokensPerInterval: jwksRequestsPerMinute,
        interval: 'minute',
        fireImmediately: true,
    });
    client.debug(`Configured rate limiting to JWKS endpoint at ${jwksRequestsPerMinute}/minute`);
    return (kid) => tslib_1.__awaiter(this, void 0, void 0, function* () {
        return new Promise((resolve, reject) => {
            limiter.removeTokens(1).then((remaining) => tslib_1.__awaiter(this, void 0, void 0, function* () {
                client.debug('Requests to the JWKS endpoint available for the next minute:', remaining);
                if (remaining < 0) {
                    console.warn('Too many requests to the JWKS endpoint');
                    reject(new errors_1.JwksRateLimitError('Too many requests to the JWKS endpoint'));
                }
                else {
                    try {
                        const key = yield getSigningKey(kid);
                        resolve(key);
                    }
                    catch (error) {
                        reject(error);
                    }
                }
            }));
        });
    });
}
exports.rateLimitWrapper = rateLimitWrapper;
//# sourceMappingURL=rateLimit.js.map